3. Monitor Gratuitous ARP, Gratuitous ARP could mean both gratuitous ARP request or gratuitous ARP reply.
ARP欺骗及其防范
原创
©著作权归作者所有:来自51CTO博客作者simon的原创作品,谢绝转载,否则将追究法律责任
ARP欺骗
The principle of ARP spoofing is to send fake, or "spoofed", ARP messages to an Ethernet LAN. Generally, the aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway). Any traffic meant for that IP address would be mistakenly sent to the attacker instead.
利用ARP欺骗成功毒化目标主机的ARP缓存之后,可以实施以下三种攻击行为:
The attacker could then choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack). The attacker could also launch a denial-of-service attack against a victim by associating a nonexistent MAC address to the IP address of the victim's default gateway.
即数据包嗅探,中间人攻击和拒绝服务攻击。
ARP欺骗的防范方法:
1. The only method of completely preventing ARP spoofing is the use of static, non-changing ARP entries
2. DHCP snooping can be configured on LAN switches to bolster the security on the LAN to only allow clients with specific IP/MAC addresses to have access to the network.
3. Monitor Gratuitous ARP, Gratuitous ARP could mean both gratuitous ARP request or gratuitous ARP reply.
3. Monitor Gratuitous ARP, Gratuitous ARP could mean both gratuitous ARP request or gratuitous ARP reply.
第一种方法最有效,但是维护映射表的工作量太大,不适用于大型网络。
第二种方法需要交换机支持。
第三种方法最容易实现,很多IPS系统都采用这种方法,但是不能完全消除网络中的ARP欺骗。
上一篇:光驱?可以扔掉了!
下一篇:瑞星,原来你也会误杀。
提问和评论都可以,用心的回复会被更多人看到
评论
发布评论
相关文章
-
关于ARP欺骗原理及防范
ARP欺骗原理及防范
职场 ARP 防范 休闲 欺骗原理