作者:hacker发布时间:2022-07-13分类:破解邮箱浏览:156评论:1
最好的方法是:进行MAC联合IP绑定,不进行MAC联合IP绑定PC机,不允许Internet访问。可设不绑定的MAC不能进行所有通信!
OVER
预防ARP攻击比较使用专业的ARP防火墙并开启它,就可以有效地防止ARP攻击。目前相对来说,360ARP防火墙比较不错。它专门针对局域网内ARP攻击进行拦截,是比较有效的ARP攻击拦截工具之一,建议你安装360安全卫士后把ARP防火墙开启试试。
ARP防火墙建议: ARPtiarp
下载地址
自己研究下设置,如果攻击比较强,那在这里里把防御等级改成主动防御,防御等级调高点
另外,进攻是最好的防御,安装好ARP防火墙后,再装个P2P终结者,不过局域网的这种斗争是个长期的过程,你在这里能找到方法,别人也能找到。最好是互相沟通下好,
简单点的,你会点CMD命令吧,双绑IP和路由也可以防止ARP攻击,我给你个开机自动绑定路由MACIP和你电脑的MACIP的批处理文件,你设置在开机自动启动里面,重启电脑,这样可以有效防止ARP欺骗。我就是用这个的,还不错
把一下命令复制在记事本里,然后保存,重命名文件名为,REARP.bat , 然后把这个批处理文件放在程序启动里,重启电脑,这样每次开机后都会自动删除非法MAC绑定,并重新绑定路由和你电脑的MACIP,试试吧,
@echo OFF
arp -d
if %~n0==arp exit
if %~n0==Arp exit
if %~n0==ARP exit
echo 正在获取本机信息.....
:IP
FOR /f "skip=13 tokens=15 usebackq " %%i in (`ipconfig /all`) do Set IP=%%i GOTO MAC
:MAC
echo IP:%IP%
FOR /f "skip=13 tokens=12 usebackq " %%i in (`ipconfig /all`) do Set MAC=%%i GOTO GateIP
:GateIP
echo MAC:%MAC%
arp -s %IP% %MAC%
echo 正在获取网关信息.....
FOR /f "skip=17 tokens=13 usebackq " %%i in (`ipconfig /all`) do Set GateIP=%%i GOTO GateMac
:GateMac
echo GateIP:%GateIP%
ping %GateIP% -t -n 1
FOR /f "skip=3 tokens=2 usebackq " %%i in (`arp -a %GateIP%`) do Set GateMAC=%%i GOTO Start
:Start
echo GateMAC:%GateMAC%
arp -s %GateIP% %GateMAC%
@pause
echo 操作完成!!!
运行之后,你在CMD里面, 输入 arp -a 看下路由IP和你IP后面的状态是不是static, 如果是说明绑定成功,Ok了,
ASA Local:
ASA Version 7.X
no names
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 30.30.30.1 255.255.255.0
!--- This line allows the unicast of OSPF over the IPsec tunnel.
ospf network point-to-point non-broadcast
!--- This line is optional and not required for OSPF to work.
!--- Enable this option only if you want to enable MD5 digest for OSPF.
ospf message-digest-key 10 md5 cisco
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
enable password cisco encrypted
passwd cisco encrypted
hostname Local
ftp mode passive
!--- These access control list (ACL) entries define
!--- interesting traffic for IPsec encryption and allow
!--- the traffic to bypass NAT. Note that OSPF is permitted and only
!--- in the crypto ACL.
same-security-traffic permit intra-interface
access-list nonat extended permit ip 10.10.10.0 255.255.255.0 20.20.20.0 255.255.255.0
access-list outside_cryptomap_10 extended permit ip 10.10.10.0 255.255.255.0 20.20.20.0 255.255.255.0
access-list outside_cryptomap_10 extended permit ospf interface outside host 40.40.40.2
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp permit any echo outside
icmp permit any echo-reply outside
icmp permit any echo inside
icmp permit any echo-reply inside
asdm image disk0:/asdm-502.bin
no asdm history enable
arp timeout 14400
global (outside) 10 interface
!--- Do not translate traffic with NAT.
nat (inside) 0 access-list nonat
nat (inside) 10 10.10.10.0 255.255.255.0
!
!--- This is OSPF.
!--- Note: You must define the outside network of the remote peer.
router ospf 100
network 10.10.10.0 255.255.255.0 area 0
network 30.30.30.0 255.255.255.0 area 0
network 40.40.40.0 255.255.255.0 area 0
!--- This is where OSPF is told where the
!--- PEER is located.
neighbor 40.40.40.2 interface outside
log-adj-changes
!
!--- This is a host based static. This is not always
!--- necessary, but recommended to prevent recursive routing loops when
!--- OSPF comes up over the IPsec tunnel.
route outside 40.40.40.2 255.255.255.255 30.30.30.2 1
route outside 0.0.0.0 0.0.0.0 30.30.30.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 sunrpc 0:10:00
h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.4.50 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
!--- This is the IPsec and IKE/ISAKMP configuration.
!--- Make sure basic IPsec connectivity is present
!--- before you add in OSPF.
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto map outside_map 10 match address outside_cryptomap_10
crypto map outside_map 10 set peer 40.40.40.2
crypto map outside_map 10 set transform-set myset
crypto map outside_map 10 set security-association lifetime seconds 86400
crypto map outside_map interface outside
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
tunnel-group 40.40.40.2 type ipsec-l2l
tunnel-group 40.40.40.2 ipsec-attributes
pre-shared-key cisco
class-map inspection_default
match default-inspection-traffic
policy-map asa_global_fw_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy asa_global_fw_policy global
Cryptochecksum:3d5f16a67ec0fa20aa3882acaa348e28
: end
ASA Remote:
ASA Version 7.X
no names
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 40.40.40.2 255.255.255.0
!--- This line allows the unicast of OSPF over to
!--- the IPsec tunnel.
ospf network point-to-point non-broadcast
!--- This line is optional and not required for OSPF to work.
!--- Enable this option only if you want to enable MD5 digest for OSPF.
ospf message-digest-key 10 md5 cisco
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 20.20.20.1 255.255.255.0
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
enable password cisco encrypted
passwd cisco encrypted
hostname Remote
ftp mode passive
!--- These ACL entries define interesting traffic for IPsec encryption and allow
!--- the traffic to bypass NAT. Note that OSPF is permitted and only in the crypto ACL.
same-security-traffic permit intra-interface
access-list nonat extended permit ip 20.20.20.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list crypto extended permit ip 20.20.20.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list crypto extended permit ospf interface outside host 30.30.30.1
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp permit any echo outside
icmp permit any echo-reply outside
icmp permit any echo inside
icmp permit any echo-reply inside
asdm image disk0:/asdm-502.bin
no asdm history enable
arp timeout 14400
global (outside) 20 interface
!--- Do not translate traffic with NAT.
nat (inside) 0 access-list nonat
nat (inside) 20 20.20.20.0 255.255.255.0
!
!--- This is OSPF.
!--- Note: You must define the remote peer's outside network.
router ospf 100
network 20.20.20.0 255.255.255.0 area 0
network 30.30.30.0 255.255.255.0 area 0
network 40.40.40.0 255.255.255.0 area 0
!--- This is where the OSPF is told where the PEER is located.
neighbor 30.30.30.1 interface outside
log-adj-changes
!
!--- This is a host based static. This is not always necessary, but recommended to
prevent recursive routing loops when OSPF comes up over the IPsec tunnel.
route outside 0.0.0.0 0.0.0.0 40.40.40.1 1
route outside 30.30.30.1 255.255.255.255 40.40.40.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 sunrpc 0:10:00
h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.4.50 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
!--- This is the IPsec configuration. Make sure basic IPsec connectivity is present
before you add in OSPF.
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto map vpn 10 match address crypto
crypto map vpn 10 set peer 30.30.30.1
crypto map vpn 10 set transform-set myset
crypto map vpn interface outside
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 65535 authentication pre-share
isakmp policy 65535 encryption 3des
isakmp policy 65535 hash sha
isakmp policy 65535 group 2
isakmp policy 65535 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
tunnel-group 30.30.30.1 type ipsec-l2l
tunnel-group 30.30.30.1 ipsec-attributes
pre-shared-key cisco
class-map inspection_default
match default-inspection-traffic
policy-map asa_global_fw_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy asa_global_fw_policy global
Cryptochecksum:3d5f16a67ec0fa20aa3882acaa348e28
: end
标签:arp攻击图形软件
已有1位网友发表了看法:
访客 评论于 2022-07-14 08:05:35 回复
tional and not required for OSPF to work.!--- Enable this option only if you want to enable MD5 digest for OSPF. ospf