ARP攻击与防范课程
交换机绑定MAC地址和端口、在客户机绑定网关IP和MAC地址的“双绑”方法预防,但由于网管的办公量太大,且不能确保所有的用户都在自个的电脑上绑定网关IP和MAC地址,所以我们采纳以下方法来预防和查找ARP攻击。我们推荐用户在自个的电脑上安装ColorSoft开发的ARP防火墙(原名AntiARPSniffer),该软件通过在系统内核层阻拦虚假ARP数据包以及自动通告网关本机准确的MAC地址,可以保证安装该软件的电脑正常上网;阻拦外部对本机的ARP攻击和本机对外部的ARP攻击。假如发现内部ARP攻击,直接管理本机就行了;假如发现外部ARP攻击,则依据实际状况通过攻击者的IP地址和/或MAC地址查找该攻击者电脑(The switch is bound to the MAC address and port, and the gateway IP and MAC address are bound to the client. The "double binding" method is used to prevent, but due to the heavy workload of the network management, it cannot ensure that all users are bound on their own computers. Gateway IP and MAC address, so we take the following methods to prevent and find ARP attacks. We recommend users to install the ARP firewall (formerly known as AntiARPSniffer) developed by ColorSoft on their own computers. This software blocks false ARP packets at the system kernel layer and automatically informs the gateway of the exact MAC address of the local machine, which can guarantee the computer where the software is installed. Normal Internet access; block external ARP attacks on this machine and local ARP attacks on external machines. If an internal ARP attack is found, just manage the computer directly; if an external ARP attack is found, search the attacker's computer through the attacker's IP address and/or MAC address according to the actual situation)
页:
[1]