ARP Solutions / Tools Real Whate ARP Prevention Difference Method ARP Ultimate Solution (Requirements for Friends)
I saw many friends in these days, I was proposed some online programs. I would like to solve the ARP problem. I have a friend asked for help. I don't talk about it, I will catch it together. (Solution in the final) ARP analysis and solve. If you The network appears, overall suddenly turns off the line, or some machine is turned off, then a one machine is turned off. And there are several types of drops automatically recover, then I am very enthusiastic. Congratulations. You win. The prize is ARP spoof. Don't be happy, you don't have to be excited, because this award is very big, very friend is deeply affected. Thearp is awkward. He said here. To say a friend "forgot grass "Specially add another," Don't drop the line, all seemingly normal ArPARP spoofing principle: In the same NET, the machine is communicating through the MAC address. The method is, the PC and another device communication, the PC will look for each other The IP address, and then pass the corresponding MAC address in the ARP table (which can communicate IP and IP in the ARP table). Communicate with each other through the MAC address. This means that each device is looking for each other in the internal network. And the address used to communicate is a MAC address, not an IP address. But the design of the ARP mode did not take into account too much security issues. A lot of hidden dangers for ARP, ARP spoof is one of them. Any one in the network Both machines can easily send ARP broadcasts to claim their IP and their own Mac. This machine will build a ARP item in their own ARP table, record his IP and MAC addresses. If this broadcast Other machines are also acceptable. For example: 192.168.1.11 Machine MAC is 00: 00: 00: 11: 11: 11, he broadcasts his IP address in the intranet is 192.168.1.254 (It is actually the IP of the router), the MAC address is 00: 00: 00: 11: 11: 11 (his own real Mac). This will give 192.168.1.254 information and send 00:00 : 00: 11: 11: 11. That is, 192.168.1.11 ... With this method, the deceived only need to be a software, you can swindle who is in the intranet. And the software is everywhere. Yes, it will be used in casually. If you want more casual ... Based on principle, ARP is divided into technology to deceive and deceive the route. Their differences are carefully elaborated in the following ARP solution. ARP spoofing: After the online game, the network hacking, the Trojan is also crazy .arp deception is a very good hairdress. When you use your own Internet cafe, find the MAC address of the intranet gateway, then send yourself ARP Deception, the machine that told the intranet so it is a gateway. For example: 192.168.1.55 mac00-14-6c- 18-58-5A The machine is a flicker's hacking machine. First, he will first find the gateway of the intranet (the intranet network is 192.168.1.1 Mac is xx.xx.xx.xx.xx.xx). After that, he will send ARP broadcast, saying that his IP address is 192.168.1.1 MAC address is 00-14-6C-18-58-5A. In this way, all the internal network received him will send a machine Put it to the gateway of the intranet. All Internet information will be sent to this machine through his MAC address, and these deceived machines cannot be online due to the real gateway. All information sent by this hacking machine will be received by analyzing the information received. He can find useful information in it, especially for the part of the account, to get the player's account, the hacking event. ARP discovery: Then we have dropped lines, is it ARP? How to judge it. Good, here give a method, but please say it again. [After the content is not blocked, you can view] ARP Tongxia is a drop line, and can be discriminated by the following ways based on the line. Under normal circumstances, you can reply to normal access within 1 minute. Because the ARP spoof is time limit, it will automatically reply to normal. Moreover, most routers now keep broadcasting their correct ARP in a short time, making the deceived machine reply normal.
But if an aggressive ARP spoof (in fact, there is a very short amount of deceived Arp, there is a few hundred thousand thousands of time), he is constantly blocked by very large ARP spoofed from the Internet, even if the router Constantly broadcasting the correct package will be overwhelmed by his large number of error messages. 2. Open the DOS interface of the cheated machine, enter the arp -a command to see the associated ARP table. If you see the MAC address of the gateway, you can discriminate the ARP spoof, but due to the time limit, this work must be normal before the machine replys. carry out. If a spoofing problem occurs, an erroneous gateway MAC address will appear, and the real gateway Mac pair of black and white tiles. ARP Solution: Now I see the ARP solution, I feel a bit efficient, and I don't stabilize. I am Learn to the route. Take him as an example. 1. Route ARP broadcast. Domestic hardware routes have this function, earliest is to discover this function in the Xinji route. It feels good, it is quite method, but in soft routing It seems that the brothers of the soft routing have not been discovered. His principle is the correct router ARP ARP, the router is uninterrupted. For example: the IP of the router is 192.168.1.1 Mac: 11: 12: 13: 14: 15: 16, then broadcast your own correct ARP every second. Whether your intact machine likes to receive, 1 second to receive one second, receive it, change the ARP table, change the ARP table. Infinite endless, endless, child herdon is infinite loss ..... If there is ARP spoof, deceived spoof information, PC just received the right information. So the problem is solved. But there is A hidden dangers are the problem of broadcasting storms. Will uninterrupted broadcasts should be in the Internet? "Ask questions, please ask the engineers in China, engineers are very enthusiastic, thank you. First). Send APR broadcasts every second time, the network is minimal, because any machine will have broadcasts, more ARP is equivalent to the amount of information, the amount of information, will not affect the internal network , But this way has his problem, when the deceived increases the frequency of deceived Arps exceeds the route (very easy to achieve the deceived software), it will cause deception. Solve should be simple, it is to increase router. Broadcasting frequency, but Xin X's engineer denies this method, please see Article 2. 2. Exceeding Route ARP broadcast. Recently, individual routing manufacturers can fully prevent ARP problems. I am going to learn honors. It took a closing method, and it had to be disappointed. It is very disappointed and sad. The so-called complete prevention is actually the front routing ARP broadcast, but simply increases the frequency to 100.200 ...... This method effect Look at the ARP is really better than once every second. But it is not worth it, even a bit ..... I don't say it, I am so excused. It is simple to analyze it, and 100 is 100 per second, that is, the router 1 second time will issue 100 ARP broadcasts, 200 computers, each machine is processed 100 times per second. If there are 10 switches, there will be 10 switches to process 100 times. Every switch will forward the information, this The processing amount of the ARP information is calculated according to the 10n party * 100. If you understand the mode of the broadcast, you will be clear, and the exchangers will keep the delivery information, you sent it to everyone, I I received it, I will also send it to you. Everyone has received or sent it to everyone. This information is to be 10,000 in each PC. (This amount should be only small?). Dry 100 times. I don't know what the network is going to be.? PC doesn't matter if the old maintenance ARP table does not do anything else? For an ARP, 7 * 24-hour tossing network is worth it? How much is the network performance? When a person is full or a small attack in the Internet, the Internet cafe is not a bit difficult, and the dead word is easy to write. Of course, you can't feel it. But I want to ask an engineer who wants this method. You have this program, is it to solve the problem? 3. Tropic recommended method. Static binding. ARP solves the most effective way, is essentially eliminating his deception. Deception is to deceive intranet machines through ARP's dynamic real-time rules, so we set all ARP all to static to resolve the deception of the intranet PC. The method is: Find the MAC address of the LAN port of the router, help the MAC address to each PC on each PC through a static manner. By command, ARP -S can be implemented. First, create a batch file.
Only one line of order, "ARP -S Internal Network Gateway Gateway MAC Address", for example: "ARP -S 192.168.1.1 00-13-32-33-12-11". Put the batch file in the startup, so This file will be executed each time, even if there is ARP spoof, because we set a static method, the PC will not pay attention to the deceived ARP. If the setting success will see the relevant tips on the PC, you can see the relevant tips: Internet Address Physical Address Type 192.168.1.1 00-0F-7A-05-0D-A4 Static (static) is generally not bound, in the case of dynamic: Internet address physical address type 192.168.1.1 00-0f- 7A-05-0D-A4 Dynamic ARP's deception of the route. After doing static binding, will it still drop the line? Or is it ARP? Unfortunately, it is ARP (ARP routing deceived). Because there is The problem is not resolved. Everyone imagines that now, if the deceived does not pretend to be a gateway, how will the PC pretending to be the intranet? The answer is a drop line, who is pretending who, who dropped. Because the router can't find you after receiving the deceive arp, the information forwarded to your information is given the deceived machine ... We can bind the gateway on the PC. Is it binding the PC on the routing? The answer is Needrying, don't I bind each PC's MAC address in the Internet, it is exhausted, and hundreds of MAC addresses are dizzy, and if there is any changes, there is a need to adjust the router, and hundreds of records are also Too tired. Testing multiple devices for this issue, including 3 versions of soft routing, Xin X, Man X, Ai X, etc. Product (everyone also wants to test, give local manufacturers agent You have to try, simple). The end result is not satisfactory, soft routing has only one way to solve the method, and it is a binding method .3 hard routes have 1 model to completely prevent, 2 Need bindings (remind everyone, 2 products have limitations, more than quantity cannot be resolved, pay attention to inquiry when purchasing). I have made some research but no results, I have opened X Xin X Engineer phone, ask the method. Security is much better than the free Linux system, this 2-generation system itself can maintain a database, do not extract data from the hardware database, the data sheet content is collected when the PC is online, and the ARP spoof is not睬 睬 理 理 对 对 基 基 面 给 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 改 ... ... ... ... ... ... ... ... ... ... ... ... It is mentioned, if there is still an idea, please come out. Let's discuss it together ... After supplementing a problem with ARP deception, he is a switch, a lot of managed switches they have an ARP form to maintain And through this table to improve data exchange efficiency. If ARP spoof is displayed, the switch will not send data to the target IP, so you need to make a static ARP binding in the switch. Why don't you drop the line, everything seems to be normal Do you have an Internet cafe? If you lose the QQ number, the problem of losing the wallet is, especially the large area lost account, a large part is arp. The principle is: deceived, first deceive the PC Router. In this case, the PC sends the information to the deceived, then deceived the information to the router. When the deceived receives the information from the router, then send the corresponding PC. This will never affect the intranet. PC Normal Internet access, intercepted the Internet information of the PC, you can hack your game account, stole your QQ number. Stealing your wallet he has to change another method (next article focuses on preventing wallets.) Solution to everyone: 1. Xin X does not need to upgrade, you can solve the problem of ARP fraud router, because he can prevent itself, the reason is to use VxWorks II, and do not solve it in front of it. In addition, it reiterates that the method of easy access is easy ... The router sends an ARP package to solve the ARP spoof method, which is very awkward, a second hundred hundred times ARP sent method ........ 2 .
Kill viruses or reinstalling the system is not too much, because can you guarantee that it is not infected, can someone actively run in the network? 3. For those all kinds of Server, it is indeed a headache, because whether it is liuxn or Windows, it is necessary to face a variety of internal networks. But there is a good news, I have a software with a network management, as if I can solve similar problems. The software is not bad in terms of technological estimation software. 4. There is a friend to change the IP and Mac of the internal network PC, set to the routing conflict, so that the route dwon. This problem beyond the Category of ARP. However, what you said is really destructive, and my previous soft route is really afraid of this thing. But it is okay to use the Xinji route. If you have any questions, I will try to discuss with everyone. . . Additional Xinji ARP tools and introduce how to use methods and techniques. After these 2 days of testing and use, this tool found that the tool is still very adapted to the trend. It is a good job, it is a good comrade, it is. . . . Ok, first discuss how to use it. Tools recommended here include: 1. Into the ARP tool. Includes a comprehensive ARP prevention function. (Including WinPCAP_3_0. Please install this software first) download address: http://www.nuqx.com/downcenter.asp (tried for 1 hour, the upload function of this forum is really not playing, everyone go Xinhuan.) 2. Catch the package tool. EthereAl-setup-0.10.8. http://www.ethereal.com/distribution/win32/ethereal-setup-0.10.8.exe Xinji ARP Tool. (Xin full to the ARP tool .exe) A total of 5 functions (all the features that need to save files in the software are saved in the directory where the software is located) 1. IP / MAC list a. Select a network card. If it is a single network card, it is not required. If it is a multi-NIC, you need to set the block card that connects the intranet. B. IP / MAC scan. Here, you will scan all the IPs and MAC addresses of all machines in the network. Please scan normal when the intranet is running, because this form will be used as a reference to the ARP. The subsequent functionality requires the support of this table. If the prompt cannot obtain IP or Mac, there is no corresponding data in the table here. 2. ARP spoof detection This feature will always detect whether there is an IP in the intranet to blame the table. You can set the main IP to the test form, for example, routers, movie servers, and so on to access machine IPs accessed by the intranet machine. (Supplement ") ARP fraud record" table understands: "Time": Discover the time of the problem; "sender": send spoof information IP or Mac; "repeat": The number of fraudulent information is sent; "ARP INFO": means sending Download specific content. As described below: Time Sender Repeat ARP INFO22: 22: 22 192.168.1.1.112 1433 192.168.1.1 is at 00: 0E: 03: 22: 02: E8 This information is: at 22:22 : 22 time, detected deceptive information from 192.168.1.22, has been sent 1433 times, the content of the deceptive information he sent is: 192.168.1.1 MAC address is 00:0e: 03: 22: 02: E8. Open the detection function, if the spoofing of IP in the table occurs, a prompt will appear. You can find the root cause of the ARP spoofing of the intranet as prompted.
