Causes and background
The company recently suffered an ARP attack.
It left R&D, Testing, Customer Service, Engineering and several other departments without Internet access at the same time:
TV (TeamViewer) could not be used,
the B/S-architecture systems deployed on the public network could not be reached,
and uploading and downloading code for development was also severely affected.
After working hours, however, the network flew along and was surprisingly fast.
The network administrator's investigation found that we were under an ARP attack.
So what is an ARP attack?
Key point:
An ARP attack is a LAN attack, commonly known as ARP spoofing. It generally causes other machines on the network to show an "IP address conflict" or to lose Internet access.
How does the ARP protocol work?
ARP (Address Resolution Protocol) sits at the network layer of the TCP/IP protocol stack and is responsible for resolving an IP address into the corresponding MAC address.
Communication on a LAN generally uses MAC addresses, so each IP address has to be mapped to its MAC address.
Weaknesses of ARP and the impact of ARP attacks
The ARP protocol has many loopholes and shortcomings, which create great risks for computer networks.
First, ARP requests are sent by broadcast, so every host on the same network segment receives them.
This gives an attacker an opportunity: by sending a large number of ARP request packets,
the attacker consumes normal bandwidth, the LAN's limited network resources are taken up by useless broadcast traffic, and the network becomes congested.
Second, the ARP protocol has no security authentication mechanism.
Hosts on a LAN operate on the basis of trust,
so whenever a host receives an ARP response packet, it caches the entry in its ARP table.
This is what makes ARP spoofing possible:
an attacker can send a wrong mapping between an IP address and a MAC address.
How do we solve it?
Back up all MAC addresses and IP addresses, and register them as well.
Monitor everyone's MAC address in real time, so that an unknown MAC can be controlled and removed promptly when it appears.
If you have a better answer, please share.
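
The register-and-monitor approach described above, as an added example (not the original author's code): it compares a neighbour table in the format printed by `ip neigh show` on Linux with a registered IP/MAC inventory and reports unknown MACs, changed mappings, and one MAC answering for several IPs. The inventory, the addresses and the sample table are constructed values, and the function names are hypothetical.

```python
import re

# Registered IP -> MAC inventory (constructed sample values).
REGISTERED = {
    "192.168.1.1": "00:11:22:33:44:01",   # gateway
    "192.168.1.10": "00:11:22:33:44:10",
    "192.168.1.11": "00:11:22:33:44:11",
}

# Constructed sample in the format printed by `ip neigh show` on Linux.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:66 REACHABLE
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:10 STALE
192.168.1.11 dev eth0 lladdr 00:11:22:33:44:66 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:20 DELAY
192.168.1.30 dev eth0  FAILED
"""

NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved MAC address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # unresolved entries (FAILED/INCOMPLETE) carry no lladdr
            table[m.group(1)] = m.group(2).lower()
    return table

def audit(table, registered):
    """Compare the live ARP table with the registered inventory."""
    known_macs = {mac.lower() for mac in registered.values()}
    findings = []
    ips_by_mac = {}
    for ip, mac in sorted(table.items()):
        ips_by_mac.setdefault(mac, []).append(ip)
        expected = registered.get(ip)
        if expected is None:
            findings.append(("unregistered_ip", ip, mac))
        elif expected.lower() != mac:
            findings.append(("mac_changed", ip, mac))
        if mac not in known_macs:
            findings.append(("unknown_mac", ip, mac))
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:  # one MAC answering for several IPs
            findings.append(("mac_claims_many_ips", ",".join(ips), mac))
    return findings
```

Calling `audit(parse_neigh(SAMPLE_NEIGH), REGISTERED)` returns a list of `(finding, ip, mac)` tuples; on a live host the text passed to `parse_neigh` would be the captured output of `ip neigh show`.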