generally need to do precautions in advance, and need to do two-way binding work on the client and router, so that regardless of ARP virus is to fake the local IP /MAC or gateway address There will be no problems such as dropped Internet or large-area disconnection. 1. Activate ARP virus protection: Enter the “Basic Page” of the Qno's web management page. “Basic Page”, activate “ ARP virus attack”. 2. For each PC, the IP address of the gateway and its MAC address are entered into the Dos operation of the computer, and the binding of the PC is implemented by arp –s or batch processing (command format: arp –s [router IP address] ] [Router MAC Address]). Or use the same method for other hosts in the network to enter the corresponding host IP and MAC address to complete IP and MAC binding. But this action, if you restart the computer, the role will disappear, so you can make this command into a batch file, put it in the startup of the operating system: @echo offarp -darp -s router LAN IP router LAN MAC on the computer After binding, it will not receive ARP spoofing attacks and send messages to the IP/MAC of the forged gateway. For an intranet that already has an ARP attack, find the source of the attack. Method: When the network is not on the PC or the ping packet is lost, use the arp –a command under DOS to see if the displayed MAC address of the gateway is the same as the real MAC of the router. If not, look for the PC corresponding to this MAC address. This PC is the attack source. 3. Bind user IP/MAC address on the router side Qno Qiaonuo router provides IP/MAC binding function. You can bind the IP of the intranet computer to the corresponding MAC address, so that the router is not bound. IP/MAC blocks it. When the intranet has ARP spoofing attack, its fake IP/MAC sends a message to the router. At this time, the router refuses because the forged IP/MAC is not in the IP/MAC binding list of the router. This type of message, block it. 4, further prevention Qno Qeno technical engineers suggest some means to further control ARP attacks. (1) The source of the virus, the machine at the source of the virus is processed, the virus is disinfected or the system is reinstalled. (2) Internet cafe administrators check LAN viruses and install anti-virus software. (3) Install a patch to the system. (4) Set a strong enough password for the system administrator account. (5) Frequently update anti-virus software, install and use network firewall software. (6) Close some unneeded services. If conditions permit, you can turn off some unnecessary sharing, including management shares such as C$ and D$. Users who are completely single can also directly shut down the Server service. (7) It is recommended that users do not click to open the link information sent by QQ, MSN and other chat tools to avoid the spread of viruses.
Summary
We have solved the ARP virus attack through the above comprehensive method. Although the ARP virus version is constantly updated and continuously upgraded, it will bring new impacts and harms to enterprise users and Internet cafes. However, if the prevention and control work can be done in advance, it is believed that the harm of ARP will be reduced to a minimum.