[技巧]利用交换机快速查找ARP病毒的攻击源
欢迎进入网络技术社区论坛,与200万技术人员互动交流 >>进入 2. Show mac-address ------------------------------------------------------------------------------------------------------------ telnet@FES12GCF-1#sh mac-add 000b.5d4d.cb36 Total act
欢迎进入网络技术社区论坛,与200万技术人员互动交流 >>进入
2. Show mac-address
------------------------------------------------------------------------------------------------------------
telnet@FES12GCF-1#sh mac-add 000b.5d4d.cb36
Total active entries from all ports = 106
MAC-Address Port Type VLAN
000b.5d4d.cb36 2 Dynamic 247
--------------------------------------------------------------------------------------------------------------
端口2下面是接一个普通的交换机,别的topology就不用了解了。
这个样子看起来就是ARP攻击咯, 000b.5d4d.cb36这台机器作了ARP欺骗,导致所有的机器都不能正常的访问网络。
继续追查,查一下他真实的IP,连接到DHCP Server 上面,在DHCP Scope 10.10.247.1这个上检查一下该机器:
--------------------------------------------------------------------------------------------------------
10.10.247.143 ZZlin Reservation (active) DHCP 000b5d4dcb36
----------------------------------------------------------------------------------------------------------
Ping 10.10.247.143,通了,接着nbtstat -a 10.10.247.143 检查一下电脑名字是否相符, 运气不错,找到了!
第一时间通知同事去现场查找这台有问题的机器,但为了不影响生产,还要快刀斩乱麻,先把影响降到最低。
首先,在交换机上封掉该MAC:
telnet@FES12GCF-1#conf t
Warning: 1 user(s) already in config mode.
telnet@FES12GCF-1(config)#mac filter 1 deny 000b.5d4d.cb36 ffff.ffff.ffff any
telnet@FES12GCF-1(config)#end
接着清空交换机的ARP缓存,让他快速重新学习正确的arp:
telnet@FES12GCF-1#clear arp
清空交换机的mac-address,也让他重新学习:
telnet@FES12GCF-1#clear mac-add
最后再次检查ARP表:
------------------------------------------------------------------------------------------------
telnet@SAE-CA-B1-FES12GCF-1#sh arp
Total number of ARP entries: 31
IP Address MAC Address Type Age Port
1 10.10.247.18 0060.e900.781e Dynamic 0 2
2 10.10.247.20 0018.8b1b.b010 Dynamic 0 2
3 10.10.247.22 000d.60a3.77d0 Dynamic 0 2
4 10.10.247.28 0018.8b1b.b022 Dynamic 0 2
5 10.10.247.34 0013.7290.e52c Dynamic 0 2
6 10.10.247.35 0090.e804.1b2e Dynamic 0 2
7 10.10.247.39 00e0.4c4f.8502 Dynamic 0 2
8 10.10.247.44 0013.729a.7eb5 Dynamic 0 2
9 10.10.247.49 000d.6035.85c3 Dynamic 0 2
10 10.10.247.52 0009.6bed.4cc6 Dynamic 0 2
11 10.10.247.58 0013.728e.1210 Dynamic 0 2
12 10.10.247.59 001d.0909.5310 Dynamic 0 2
13 10.10.247.72 001d.0931.f0d5 Dynamic 0 2
14 10.10.247.77 0012.3f87.ea67 Dynamic 0 2
15 10.10.247.79 0018.8b23.09e3 Dynamic 0 2
16 10.10.247.81 0018.8b1d.04ba Dynamic 0 2
17 10.10.247.82 0011.43af.b0dc Dynamic 0 2
18 10.10.247.88 0017.312c.40b5 Dynamic 0 2
19 10.10.247.91 0013.728e.1a6d Dynamic 0 2
20 10.10.247.92 000f.8f28.d4e6 Dynamic 0 2
21 10.10.247.95 0002.555b.3546 Dynamic 0 2
22 10.10.247.106 0014.222a.1f64 Dynamic 0 2
23 10.10.247.136 000d.6033.d5cd Dynamic 0 2
------------------------------------------------------------------------------------------------
看来已经恢复正常咯。
回过头来,小结一下:
1. 这个是一代的ARP攻击,源MAC和源IP都没有伪造,所以很容易查找,如果是二代的攻击,就不会这么轻松咯。
希望下次有机会遇到:-)
2. 两个小时后,同时打电话过来说找到那台pc了,没装杀毒软件,查了几十个木马出来。
3. 划分Vlan能将影响降到最低。
4. 杀毒和打补丁是日常工作必不可少的一部分。
5. 交换机的选型要慎重,像上面这款Foundry FES12GCF, 除了能做静态MAC绑定, 就不能有效地预防ARP病毒的攻击。
[1] [2]
![[技巧]利用交换机快速查找ARP病毒的攻击源](/inc/test.jsp?url=http%3A%2F%2Fwww.chinaitlab.com%2Fcms%2Fimages%2Flogo14.gif&refer=http%3A%2F%2Fcisco.chinaitlab.com%2Fmethod%2F777736_2.html)
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
Win11 Tips Sharing: Skip Microsoft Account Login with One Trick
Mar 27, 2024 pm 02:57 PM
Win11 Tips Sharing: One trick to skip Microsoft account login Windows 11 is the latest operating system launched by Microsoft, with a new design style and many practical functions. However, for some users, having to log in to their Microsoft account every time they boot up the system can be a bit annoying. If you are one of them, you might as well try the following tips, which will allow you to skip logging in with a Microsoft account and enter the desktop interface directly. First, we need to create a local account in the system to log in instead of a Microsoft account. The advantage of doing this is
A must-have for veterans: Tips and precautions for * and & in C language
Apr 04, 2024 am 08:21 AM
In C language, it represents a pointer, which stores the address of other variables; & represents the address operator, which returns the memory address of a variable. Tips for using pointers include defining pointers, dereferencing pointers, and ensuring that pointers point to valid addresses; tips for using address operators & include obtaining variable addresses, and returning the address of the first element of the array when obtaining the address of an array element. A practical example demonstrating the use of pointer and address operators to reverse a string.
What are the tips for novices to create forms?
Mar 21, 2024 am 09:11 AM
We often create and edit tables in excel, but as a novice who has just come into contact with the software, how to use excel to create tables is not as easy as it is for us. Below, we will conduct some drills on some steps of table creation that novices, that is, beginners, need to master. We hope it will be helpful to those in need. A sample form for beginners is shown below: Let’s see how to complete it! 1. There are two methods to create a new excel document. You can right-click the mouse on a blank location on the [Desktop] - [New] - [xls] file. You can also [Start]-[All Programs]-[Microsoft Office]-[Microsoft Excel 20**] 2. Double-click our new ex
What is the difference in the 'My Computer' path in Win11? Quick way to find it!
Mar 29, 2024 pm 12:33 PM
What is the difference in the "My Computer" path in Win11? Quick way to find it! As the Windows system is constantly updated, the latest Windows 11 system also brings some new changes and functions. One of the common problems is that users cannot find the path to "My Computer" in Win11 system. This was usually a simple operation in previous Windows systems. This article will introduce how the paths of "My Computer" are different in Win11 system, and how to quickly find them. In Windows1
VSCode Getting Started Guide: A must-read for beginners to quickly master usage skills!
Mar 26, 2024 am 08:21 AM
VSCode (Visual Studio Code) is an open source code editor developed by Microsoft. It has powerful functions and rich plug-in support, making it one of the preferred tools for developers. This article will provide an introductory guide for beginners to help them quickly master the skills of using VSCode. In this article, we will introduce how to install VSCode, basic editing operations, shortcut keys, plug-in installation, etc., and provide readers with specific code examples. 1. Install VSCode first, we need
Win11 Tricks Revealed: How to Bypass Microsoft Account Login
Mar 27, 2024 pm 07:57 PM
Win11 tricks revealed: How to bypass Microsoft account login Recently, Microsoft launched a new operating system Windows11, which has attracted widespread attention. Compared with previous versions, Windows 11 has made many new adjustments in terms of interface design and functional improvements, but it has also caused some controversy. The most eye-catching point is that it forces users to log in to the system with a Microsoft account. For some users, they may be more accustomed to logging in with a local account and are unwilling to bind their personal information to a Microsoft account.
PHP programming skills: How to jump to the web page within 3 seconds
Mar 24, 2024 am 09:18 AM
Title: PHP Programming Tips: How to Jump to a Web Page within 3 Seconds In web development, we often encounter situations where we need to automatically jump to another page within a certain period of time. This article will introduce how to use PHP to implement programming techniques to jump to a page within 3 seconds, and provide specific code examples. First of all, the basic principle of page jump is realized through the Location field in the HTTP response header. By setting this field, the browser can automatically jump to the specified page. Below is a simple example demonstrating how to use P
What does TikTok recommended video mean? How to use Douyin to recommend videos?
Mar 27, 2024 pm 03:01 PM
As a world-renowned short video social platform, Douyin has won the favor of a large number of users with its unique personalized recommendation algorithm. This article will delve into the value and principles of Douyin video recommendation to help readers better understand and make full use of this feature. 1. What is Douyin recommended video? Douyin recommended video uses intelligent recommendation algorithms to filter and push personalized video content to users based on their interests and behavioral habits. The Douyin platform analyzes users' viewing history, like and comment behavior, sharing records and other data to select and recommend videos that best suit users' tastes from a huge video library. This personalized recommendation system not only improves user experience, but also helps users discover more video content that matches their preferences, thereby enhancing user stickiness and retention rate. at this
