Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to bind IP and MAC addresses with Linux Arp commands to prevent ARP spoofing". The content of the article is simple and clear, and it is easy to learn and understand. Please follow Xiaobian's train of thought to study and learn "how to bind IP and MAC addresses with Linux Arp commands to prevent ARP spoofing".

Linux Arp command harm: Linux Arp command is extremely harmful, some viruses use ARP to cheat, not only affect their own machines, but also affect other machines with the same network segment, adding virus code to the HTTP packets of other machines.

1, code examples such as: this virus is very harmful! Even if you do a good job in the security of your machine, there is no way to guarantee the safety of other machines on the same network segment.

Solution: bind IP and MAC addresses in both the gateway and the local machine to prevent ARP spoofing.

2. Linux Arp command convention

A. the machines brought below have been bound on the gateway. Gateway IP:192.168.1.1 MAC:00:02:B3:38:08:62

B. IP:192.168.1.2 MAC:00:04:61:9A:8D:B2 of the Linux host to be bound

3. Linux Arp command binding steps

1. Use arp and arp-a to view the current ARP cache list.

[root@ftpsvr] # arp Address HWtype HWaddress Flags Mask iface 192.168.1.234 ether 00:04:61:AE:11:2B C eth0 192.168.1.145 ether 00:13:20:E9:11:04 C eth0 192.168.1.1 Ether 00:02:B3:38:08:62 C eth0

The Linux Arp command describes:

Address: IP address of the host

Hwtype: hardware type of the host

Hwaddress: hardware address of the host

Flags Mask: record flag, "C" represents an entry in the arp cache, and "M" represents a static arp entry.

[root@ftpsvr] # arp-a

? (192.168.1.234) at 00:04:61:AE:11:2B [ether] on eth0

? (192.168.1.1) at 00 on eth0 16V 7622 on eth0 23V 86 [ether]

2. Create a static mac-- > ip corresponding table file: ip-mac, and write the bound IP and MAC underground to this file in the format of ip mac.

[root@ftpsvr ~] # echo '192.168.1.1 00:02:B3:38:08:62' > / etc/ip-mac

[root@ftpsvr ~] # more / etc/ip-mac

192.168.1.1 00:02:B3:38:08:62

3. Set automatic binding on boot

[root@ftpsvr ~] # echo 'arp-f / etc/ip-mac' > > / etc/rc.d/rc.local

4. Perform the binding manually

[root@ftpsvr] # arp-f / etc/ip-mac

5. Confirm whether the binding is successful

[root@ftpsvr] # arp Address HWtype HWaddress Flags Mask iface 192.168.0.205 ether 00:02:B3:A7:85:48 C eth0 192.168.1.234 ether 00:04:61:AE:11:2B C eth0 192.168.1.1 Ether 00:02:B3:38:08:62 CM eth0 [root@ftpsvr] # arp-a? (192.168.0.205) at 00:02:B3:A7:85:48 [ether] on eth0? (192.168.1.234) at 00:04:61:AE:11:2B [ether] on eth0? (192.168.1.1) at 00:02:B3:38:08:62 [ether] PERM on eth0

From the list of ARP caches before and after binding, you can see that the record flag of the gateway (192.168.1.1) has changed, indicating that the binding was successful.

Thank you for reading, the above is the content of "how to bind IP and MAC addresses with Linux Arp commands to prevent ARP spoofing". After the study of this article, I believe you have a deeper understanding of how to bind IP and MAC addresses with Linux Arp commands to prevent ARP spoofing, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.