Tips to prevent Win2003 from being attacked by ARP

In the process of using the computer, we will inevitably encounter the problem that our network is attacked by ARP. The so-called ARP attack is to achieve ARP spoofing by forging IP address and MAC address, and can generate a large amount of ARP traffic in the network. Block the network, causing network interruption or man-in-the-middle attacks. If we are using the older Win2003 system, how to effectively defend it?

Generally, it is necessary to do the prevention work in advance, and at the same time, it needs to do two-way binding work on the client and the router. Regardless of whether the ARP virus is forging the IP/MAC of the local machine or the address of the gateway, there will be no problems such as dropped Internet or large-area disconnection.

1, activate to prevent ARP virus attack:

Enter the Qno Qiao router's web management page "Firewall configuration" & rdquo; "Basic page", activate & ldquo; prevent ARP virus attack ”.

2. Bind the IP address of the gateway to each PC and its MAC address

Enter the Dos operation of the computer, and use the arp –s command or batch to achieve the binding work of the pc. (Command format: arp –s [router IP address] [router MAC address]).

Or use the same method for other hosts in the network to enter the corresponding host IP and MAC address to complete IP and MAC binding. But this action, if you restart the computer, the effect will disappear, so you can make this command into a batch file, put it in the startup of the operating system:

@echo off

arp -d

arp -s router LAN IP router LAN MAC

After binding on the computer, it will not receive ARP spoofing attacks and send messages to the IP/MAC of the forged gateway. .

For an intranet that already has an ARP attack, find the source of the attack. Method: When the network is not on the PC or the ping packet is lost, use the arp –a command under DOS to see if the displayed MAC address of the gateway is the same as the real MAC of the router. If not, look for the PC corresponding to this MAC address. This PC is the attack source.

3, bind the user IP /MAC address on the router side

Qno Qno router provides IP /MAC binding function, you can the IP of the internal network computer and the corresponding MAC address Bind together, so that the router blocks the unbound IP/MAC. When the intranet has ARP spoofing attack, its fake IP/MAC sends a message to the router. At this time, the fake IP/MAC is not in the router. In the IP/MAC binding list, the router will reject such messages and block them.

4, further prevention

Qno's technical engineers suggest some means to further control ARP attacks.

(1) Virus source, processing the virus source machine, anti-virus or reinstall the system.

(2) Internet cafe administrators check LAN viruses and install anti-virus software.

(3) Install patches to the system.

(4) Set a strong enough password for the system administrator account.

(5) Frequently update anti-virus software, install and use network firewall software.

(6) Close some unneeded services, conditions can be allowed to close some unnecessary sharing, including C$, D$ and other management shares. Users who are completely single can also directly shut down the Server service.

(7) It is recommended that users do not click to open the link information sent by QQ, MSN and other chat tools to avoid the spread of viruses.

Summary

The above detailed analysis of the principle and solution steps, if we through the above steps to solve the ARP virus attack is effective. Although the ARP virus version is constantly updated and continuously upgraded, it will bring new impacts and harms to enterprise users and Internet cafes. However, if the prevention and control work can be done in advance, it is believed that the harm of ARP will be reduced to a minimum.