Ways to solve LAN ARP attacks

Recently, someone and I Xiaobian said: When surfing the Internet in the LAN, some people use network law enforcement officers and other tools to limit their own Internet access or someone in the LAN has ARP virus, automatically send a large number of ARP attacks LAN Other machines. The usefulness of ARP firewall is not very obvious. How to solve this problem completely? Let's take a look at the solution: Let's first introduce what is ARP: ARP attack is to achieve ARP spoofing by forging IP address and MAC address. It can generate a large amount of ARP traffic in the network to block the network, and the attacker only needs to continue. The fake ARP response packet can change the IP-MAC entry in the target host ARP cache, causing network interruption or man-in-the-middle attacks. The ARP attack mainly exists in the LAN network. If a computer in the LAN is infected with an ARP Trojan, the system infected with the ARP Trojan will attempt to intercept the communication information of other computers in the network by means of “ARP spoofing”. Causes communication failure of other computers in the network. When a machine A sends a message to host B, it will query the local ARP cache table and find the MAC address corresponding to the IP address of B. If not found, A broadcasts an ARP request message (carrying host A's IP address Ia— — physical address Pa), and requesting host B with IP address Ib to answer physical address Pb. All hosts on the network, including B, receive an ARP request, but only host B identifies its own IP address, and then sends an ARP response packet to the host A. It contains the MAC address of B. After receiving the response from B, A will update the local ARP cache. This data is then sent using this MAC address (the MAC address is attached by the network card). Therefore, this ARP table of the local cache is the basis for local network circulation, and this cache is dynamic. First, bind IP/MAC on the firewall; second, use the network version of the ARP firewall, you can go to Baidu search & rdquo; ARP firewall & ldquo;; Third, use two-way binding on each machine to solve and prevent ARP spoofing. 1. Bind the IP address and MAC address of the security gateway on the PC: 1) First, obtain the MAC address of the router's intranet (for example, the MAC address of the HiPER gateway address 192.168.16.254 is 0022aa0022aa (when the Internet is available, open the command line) At the prompt, enter: arp -a Enter, you can see the current ip and mac address of the gateway)). 2) Write a batch file rarp.bat as follows: @echooff arp-d arp-s192.168.16.25400-22-aa-00-22-aa Change the gateway IP address and MAC address in the file to your own The gateway IP address and MAC address can be. Drag this batch software to “windows--start--program--start”. 2. Bind the IP and MAC address of the user host on the router (supported by the router software version after 440): Bind each host of the LAN in the HiPER management interface--advanced configuration--user management. After these three steps, the general ARP attack is far away from us. This article comes from [System Home] www.xp85.com