The simplest explanation of ARP spoofing:
Normal state:
Your server-->Gateway--> After many lines--> Reaching site visitors Computer
Attacked state:
A malicious person attacks the gateway, disguising his server as a gateway, and letting your server consider his server to be a gateway and connect. Then, arbitrarily embed any code in your transmitted data (web page) and send it to the website of the visitor's computer.
The only thing you can find is that the connected mac address is the MAC address of the NIC that masquerades the gateway, so it is easy to judge. You can use this mac address to find a network administrator to query, but for a variety of reasons, there may be no way for the network management network to handle it for you.
Start-->Run: arp -a
You can query the gateway IP and corresponding MAC address, and the normal output will be similar to the following:
Interface: 222.77.88.88 --- 0x10003
Internet Address Physical Address Type
222.77.88.1 00-00-0c-07-ac-46 static <---- This The record is the gateway, and the normal data is fixed.
222.77.88.2 00-09-b6-16-24-ca dynamic
222.77.88.3 00-09-b6-17-0a-8a dynamic
222.77. 88.50 00-0f-e2-13-5f-3b dynamic
Temporary workaround:
1. Create a file named arp.bat
2, the file content is the following code:
@echo off
arp -s 222.77.88.1 00-00-0c-07-ac-46
< Br>
Description: arp -s gateway IP gateway MAC address
The IP of the gateway can be seen by looking at your network card properties.
And the MAC address of the gateway is output with arp -a when your server is not attacked.
3, set the scheduled task, execute this arp.bat regularly, the time can be grasped by yourself, for example, automatically executed in 5 minutes.
This is just a temporary solution. You are not always in front of the server. Even if you are attacked by ARP, it will automatically return to normal after 5 minutes.
Why the server is always dead:
First check the network to eliminate the possibility of high load and attack.
If you still crash, go into safe mode and see:
If you don't die, prove that the server has software conflicts, try not to open unnecessary programs and services
If you are still dead To prove hardware conflicts, you need to use the replacement method to find incompatible hardware, eliminate the problem of virus attacks and system defects, whether to enter the CMOS system to check the frequency, whether to set "overclocking", general compatibility opportunities on the main frequency as much as possible The settings are larger to maximize the performance of the system, but after a certain limit of the main frequency, there will be a crash.
Users always want a simple and efficient metric to quantify the evaluation server system, as a basis
IIS 7.0, released with Windows Server 2008, is much more powerful than its predece
This article mainly describes the IIS not found provider The program may not be installed correctly
which is again a problem with the client Exchange server. Exchange 2003 and DC are the same server.
The comparison of various dual-core server CPUs (detailed image)
Prevent the replacement of shift after the door lift (sethc.exe back door)
What permissions do I need to join the domain?
How large is the server 1U size?
Save a lot of disk space Analyze thin provisioning
mSQL database development technology under Linux
The solution to the infinite loop in IIS (Dllhost.exe takes up CPU100% solution)
Interpretation of Content-Length in the Http Protocol
How to quickly determine whether the server has been maliciously invaded
Hardening security Configuring SSL
Why does the Linux server log in and displays the "-bash-3.2#"
Win10/WP8.1 Microsoft account recovery code is very important
Download Vista Ultimate from Microsoft Server
Twelve password cracking methods commonly used in computers
Windows8 System Windows7 Compatibility Mode
The date style on the Win8 taskbar doesn't like how to change
Win10 version rose to Build 10022 new version screenshot exposure
How to add custom fill pattern in AUTO CAD
See the improvement of Windows7 through Chinese version (4)