2024年3月21日发(作者:)

arp防治办法(ARP prevention and control measures)

Analyze the principle and solution of ARP virus invasion

The ARP virus invasion network has caused most Internet cafes

and families to suffer!! Trick phenomenon: drop line! Here I

on-line to relevant information, network master of research ~

~!

Method for solving ARP attack

[cause of trouble]

Some people use LAN ARP spoofing Trojan program (for example:

Legend hacking software, some malicious plug-in legend is also

loaded with this program).

[malfunction principle]

To understand the fault principle, let's first take a look at

the ARP protocol.

In the LAN, the IP address is converted to second layers of

physical addresses (i.e., MAC addresses) through the ARP

protocol. ARP protocol is very important to network security.

By spoofing IP addresses and MAC addresses, ARP spoofing can

generate a large amount of ARP traffic in the network, blocking

the network.

The ARP protocol is the abbreviation of Address Resolution

Protocol (address resolution protocol). In LAN, the actual

transmission in the network is "frame", in which the MAC address

of the target host is inside the frame. In Ethernet, a host

communicates directly with another host, and the MAC address

of the target host must be known. But how do you get the MAC

address for this target? It is obtained by address resolution

protocol. Address resolution is the process in which the host

converts the target IP address to the target MAC address before

sending the frame. The basic function of the ARP protocol is

to query the MAC address of the target device through the IP

address of the target device, so as to ensure the smooth

progress of the communication.

Each computer with TCP/IP protocol has a ARP cache table, and

the IP address in the inside and outside is in one-to-one

correspondence with the MAC address, as shown in the following

table.

Host IP address, MAC address

A 192.168.16.1 aa-aa-aa-aa-aa-aa

B 192.168.16.2 bb-bb-bb-bb-bb-bb

C 192.168.16.3 cc-cc-cc-cc-cc-cc

D 192.168.16.4 dd-dd-dd-dd-dd-dd

We use host A (192.168.16.1) to send data to the host B

(192.168.16.2) as an example. When sending data, the host A

searches for the destination IP address in its own ARP cache

table. If found, we know the destination MAC address, directly

to the target MAC address to frame which sent it; if the ARP