Home Database Mysql Tutorial [技巧]利用交换机快速查找ARP病毒的攻击源

[技巧]利用交换机快速查找ARP病毒的攻击源

Jun 07, 2016 pm 03:30 PM
arp switch use fast Skill attack Find Virus

欢迎进入网络技术社区论坛,与200万技术人员互动交流 >>进入 2. Show mac-address ------------------------------------------------------------------------------------------------------------ telnet@FES12GCF-1#sh mac-add 000b.5d4d.cb36 Total act

欢迎进入网络技术社区论坛,与200万技术人员互动交流 >>进入

     2. Show mac-address
    ------------------------------------------------------------------------------------------------------------
    telnet@FES12GCF-1#sh mac-add 000b.5d4d.cb36
    Total active entries from all ports = 106
      MAC-Address    Port     Type   VLAN
    000b.5d4d.cb36      2  Dynamic    247
    --------------------------------------------------------------------------------------------------------------
         端口2下面是接一个普通的交换机,别的topology就不用了解了。
         这个样子看起来就是ARP攻击咯, 000b.5d4d.cb36这台机器作了ARP欺骗,导致所有的机器都不能正常的访问网络。
         继续追查,查一下他真实的IP,连接到DHCP Server 上面,在DHCP Scope 10.10.247.1这个上检查一下该机器:
        --------------------------------------------------------------------------------------------------------
         10.10.247.143     ZZlin   Reservation (active)  DHCP  000b5d4dcb36
       ----------------------------------------------------------------------------------------------------------
        Ping 10.10.247.143,通了,接着nbtstat -a 10.10.247.143 检查一下电脑名字是否相符, 运气不错,找到了!
        第一时间通知同事去现场查找这台有问题的机器,但为了不影响生产,还要快刀斩乱麻,先把影响降到最低。

        首先,在交换机上封掉该MAC:
        telnet@FES12GCF-1#conf t
    Warning: 1 user(s) already in config mode.
    telnet@FES12GCF-1(config)#mac filter 1 deny 000b.5d4d.cb36 ffff.ffff.ffff any
    telnet@FES12GCF-1(config)#end

        接着清空交换机的ARP缓存,让他快速重新学习正确的arp:
         telnet@FES12GCF-1#clear arp
        清空交换机的mac-address,也让他重新学习:
        telnet@FES12GCF-1#clear mac-add

        最后再次检查ARP表:
        ------------------------------------------------------------------------------------------------
       telnet@SAE-CA-B1-FES12GCF-1#sh arp
    Total number of ARP entries: 31
          IP Address          MAC Address         Type        Age       Port
    1     10.10.247.18        0060.e900.781e      Dynamic     0         2
    2     10.10.247.20        0018.8b1b.b010      Dynamic     0         2
    3     10.10.247.22        000d.60a3.77d0      Dynamic     0         2
    4     10.10.247.28        0018.8b1b.b022      Dynamic     0         2
    5     10.10.247.34        0013.7290.e52c      Dynamic     0         2
    6     10.10.247.35        0090.e804.1b2e      Dynamic     0         2
    7     10.10.247.39        00e0.4c4f.8502      Dynamic     0         2
    8     10.10.247.44        0013.729a.7eb5      Dynamic     0         2
    9     10.10.247.49        000d.6035.85c3      Dynamic     0         2
    10    10.10.247.52        0009.6bed.4cc6      Dynamic     0         2
    11    10.10.247.58        0013.728e.1210      Dynamic     0         2
    12    10.10.247.59        001d.0909.5310      Dynamic     0         2
    13    10.10.247.72        001d.0931.f0d5      Dynamic     0         2
    14    10.10.247.77        0012.3f87.ea67      Dynamic     0         2
    15    10.10.247.79        0018.8b23.09e3      Dynamic     0         2
    16    10.10.247.81        0018.8b1d.04ba      Dynamic     0         2
    17    10.10.247.82        0011.43af.b0dc      Dynamic     0         2
    18    10.10.247.88        0017.312c.40b5      Dynamic     0         2
    19    10.10.247.91        0013.728e.1a6d      Dynamic     0         2
    20    10.10.247.92        000f.8f28.d4e6      Dynamic     0         2
    21    10.10.247.95        0002.555b.3546      Dynamic     0         2
    22    10.10.247.106       0014.222a.1f64      Dynamic     0         2
    23    10.10.247.136       000d.6033.d5cd      Dynamic     0         2
        ------------------------------------------------------------------------------------------------

         看来已经恢复正常咯。

         回过头来,小结一下:
         1. 这个是一代的ARP攻击,源MAC和源IP都没有伪造,所以很容易查找,如果是二代的攻击,就不会这么轻松咯。
          希望下次有机会遇到:-)
         2. 两个小时后,同时打电话过来说找到那台pc了,没装杀毒软件,查了几十个木马出来。
         3. 划分Vlan能将影响降到最低。
         4. 杀毒和打补丁是日常工作必不可少的一部分。
         5. 交换机的选型要慎重,像上面这款Foundry FES12GCF, 除了能做静态MAC绑定, 就不能有效地预防ARP病毒的攻击。

 

  [1] [2] 

[技巧]利用交换机快速查找ARP病毒的攻击源

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Win11 Tips Sharing: Skip Microsoft Account Login with One Trick Win11 Tips Sharing: Skip Microsoft Account Login with One Trick Mar 27, 2024 pm 02:57 PM

Win11 Tips Sharing: One trick to skip Microsoft account login Windows 11 is the latest operating system launched by Microsoft, with a new design style and many practical functions. However, for some users, having to log in to their Microsoft account every time they boot up the system can be a bit annoying. If you are one of them, you might as well try the following tips, which will allow you to skip logging in with a Microsoft account and enter the desktop interface directly. First, we need to create a local account in the system to log in instead of a Microsoft account. The advantage of doing this is

A must-have for veterans: Tips and precautions for * and & in C language A must-have for veterans: Tips and precautions for * and & in C language Apr 04, 2024 am 08:21 AM

In C language, it represents a pointer, which stores the address of other variables; & represents the address operator, which returns the memory address of a variable. Tips for using pointers include defining pointers, dereferencing pointers, and ensuring that pointers point to valid addresses; tips for using address operators & include obtaining variable addresses, and returning the address of the first element of the array when obtaining the address of an array element. A practical example demonstrating the use of pointer and address operators to reverse a string.

What are the tips for novices to create forms? What are the tips for novices to create forms? Mar 21, 2024 am 09:11 AM

We often create and edit tables in excel, but as a novice who has just come into contact with the software, how to use excel to create tables is not as easy as it is for us. Below, we will conduct some drills on some steps of table creation that novices, that is, beginners, need to master. We hope it will be helpful to those in need. A sample form for beginners is shown below: Let’s see how to complete it! 1. There are two methods to create a new excel document. You can right-click the mouse on a blank location on the [Desktop] - [New] - [xls] file. You can also [Start]-[All Programs]-[Microsoft Office]-[Microsoft Excel 20**] 2. Double-click our new ex

What is the difference in the 'My Computer' path in Win11? Quick way to find it! What is the difference in the 'My Computer' path in Win11? Quick way to find it! Mar 29, 2024 pm 12:33 PM

What is the difference in the "My Computer" path in Win11? Quick way to find it! As the Windows system is constantly updated, the latest Windows 11 system also brings some new changes and functions. One of the common problems is that users cannot find the path to "My Computer" in Win11 system. This was usually a simple operation in previous Windows systems. This article will introduce how the paths of "My Computer" are different in Win11 system, and how to quickly find them. In Windows1

VSCode Getting Started Guide: A must-read for beginners to quickly master usage skills! VSCode Getting Started Guide: A must-read for beginners to quickly master usage skills! Mar 26, 2024 am 08:21 AM

VSCode (Visual Studio Code) is an open source code editor developed by Microsoft. It has powerful functions and rich plug-in support, making it one of the preferred tools for developers. This article will provide an introductory guide for beginners to help them quickly master the skills of using VSCode. In this article, we will introduce how to install VSCode, basic editing operations, shortcut keys, plug-in installation, etc., and provide readers with specific code examples. 1. Install VSCode first, we need

Win11 Tricks Revealed: How to Bypass Microsoft Account Login Win11 Tricks Revealed: How to Bypass Microsoft Account Login Mar 27, 2024 pm 07:57 PM

Win11 tricks revealed: How to bypass Microsoft account login Recently, Microsoft launched a new operating system Windows11, which has attracted widespread attention. Compared with previous versions, Windows 11 has made many new adjustments in terms of interface design and functional improvements, but it has also caused some controversy. The most eye-catching point is that it forces users to log in to the system with a Microsoft account. For some users, they may be more accustomed to logging in with a local account and are unwilling to bind their personal information to a Microsoft account.

PHP programming skills: How to jump to the web page within 3 seconds PHP programming skills: How to jump to the web page within 3 seconds Mar 24, 2024 am 09:18 AM

Title: PHP Programming Tips: How to Jump to a Web Page within 3 Seconds In web development, we often encounter situations where we need to automatically jump to another page within a certain period of time. This article will introduce how to use PHP to implement programming techniques to jump to a page within 3 seconds, and provide specific code examples. First of all, the basic principle of page jump is realized through the Location field in the HTTP response header. By setting this field, the browser can automatically jump to the specified page. Below is a simple example demonstrating how to use P

What does TikTok recommended video mean? How to use Douyin to recommend videos? What does TikTok recommended video mean? How to use Douyin to recommend videos? Mar 27, 2024 pm 03:01 PM

As a world-renowned short video social platform, Douyin has won the favor of a large number of users with its unique personalized recommendation algorithm. This article will delve into the value and principles of Douyin video recommendation to help readers better understand and make full use of this feature. 1. What is Douyin recommended video? Douyin recommended video uses intelligent recommendation algorithms to filter and push personalized video content to users based on their interests and behavioral habits. The Douyin platform analyzes users' viewing history, like and comment behavior, sharing records and other data to select and recommend videos that best suit users' tastes from a huge video library. This personalized recommendation system not only improves user experience, but also helps users discover more video content that matches their preferences, thereby enhancing user stickiness and retention rate. at this

See all articles