search
HomeDatabaseMysql Tutorial[技巧]利用交换机快速查找ARP病毒的攻击源

欢迎进入网络技术社区论坛,与200万技术人员互动交流 >>进入 2. Show mac-address ------------------------------------------------------------------------------------------------------------ telnet@FES12GCF-1#sh mac-add 000b.5d4d.cb36 Total act

欢迎进入网络技术社区论坛,与200万技术人员互动交流 >>进入

     2. Show mac-address
    ------------------------------------------------------------------------------------------------------------
    telnet@FES12GCF-1#sh mac-add 000b.5d4d.cb36
    Total active entries from all ports = 106
      MAC-Address    Port     Type   VLAN
    000b.5d4d.cb36      2  Dynamic    247
    --------------------------------------------------------------------------------------------------------------
         端口2下面是接一个普通的交换机,别的topology就不用了解了。
         这个样子看起来就是ARP攻击咯, 000b.5d4d.cb36这台机器作了ARP欺骗,导致所有的机器都不能正常的访问网络。
         继续追查,查一下他真实的IP,连接到DHCP Server 上面,在DHCP Scope 10.10.247.1这个上检查一下该机器:
        --------------------------------------------------------------------------------------------------------
         10.10.247.143     ZZlin   Reservation (active)  DHCP  000b5d4dcb36
       ----------------------------------------------------------------------------------------------------------
        Ping 10.10.247.143,通了,接着nbtstat -a 10.10.247.143 检查一下电脑名字是否相符, 运气不错,找到了!
        第一时间通知同事去现场查找这台有问题的机器,但为了不影响生产,还要快刀斩乱麻,先把影响降到最低。

        首先,在交换机上封掉该MAC:
        telnet@FES12GCF-1#conf t
    Warning: 1 user(s) already in config mode.
    telnet@FES12GCF-1(config)#mac filter 1 deny 000b.5d4d.cb36 ffff.ffff.ffff any
    telnet@FES12GCF-1(config)#end

        接着清空交换机的ARP缓存,让他快速重新学习正确的arp:
         telnet@FES12GCF-1#clear arp
        清空交换机的mac-address,也让他重新学习:
        telnet@FES12GCF-1#clear mac-add

        最后再次检查ARP表:
        ------------------------------------------------------------------------------------------------
       telnet@SAE-CA-B1-FES12GCF-1#sh arp
    Total number of ARP entries: 31
          IP Address          MAC Address         Type        Age       Port
    1     10.10.247.18        0060.e900.781e      Dynamic     0         2
    2     10.10.247.20        0018.8b1b.b010      Dynamic     0         2
    3     10.10.247.22        000d.60a3.77d0      Dynamic     0         2
    4     10.10.247.28        0018.8b1b.b022      Dynamic     0         2
    5     10.10.247.34        0013.7290.e52c      Dynamic     0         2
    6     10.10.247.35        0090.e804.1b2e      Dynamic     0         2
    7     10.10.247.39        00e0.4c4f.8502      Dynamic     0         2
    8     10.10.247.44        0013.729a.7eb5      Dynamic     0         2
    9     10.10.247.49        000d.6035.85c3      Dynamic     0         2
    10    10.10.247.52        0009.6bed.4cc6      Dynamic     0         2
    11    10.10.247.58        0013.728e.1210      Dynamic     0         2
    12    10.10.247.59        001d.0909.5310      Dynamic     0         2
    13    10.10.247.72        001d.0931.f0d5      Dynamic     0         2
    14    10.10.247.77        0012.3f87.ea67      Dynamic     0         2
    15    10.10.247.79        0018.8b23.09e3      Dynamic     0         2
    16    10.10.247.81        0018.8b1d.04ba      Dynamic     0         2
    17    10.10.247.82        0011.43af.b0dc      Dynamic     0         2
    18    10.10.247.88        0017.312c.40b5      Dynamic     0         2
    19    10.10.247.91        0013.728e.1a6d      Dynamic     0         2
    20    10.10.247.92        000f.8f28.d4e6      Dynamic     0         2
    21    10.10.247.95        0002.555b.3546      Dynamic     0         2
    22    10.10.247.106       0014.222a.1f64      Dynamic     0         2
    23    10.10.247.136       000d.6033.d5cd      Dynamic     0         2
        ------------------------------------------------------------------------------------------------

         看来已经恢复正常咯。

         回过头来,小结一下:
         1. 这个是一代的ARP攻击,源MAC和源IP都没有伪造,所以很容易查找,如果是二代的攻击,就不会这么轻松咯。
          希望下次有机会遇到:-)
         2. 两个小时后,同时打电话过来说找到那台pc了,没装杀毒软件,查了几十个木马出来。
         3. 划分Vlan能将影响降到最低。
         4. 杀毒和打补丁是日常工作必不可少的一部分。
         5. 交换机的选型要慎重,像上面这款Foundry FES12GCF, 除了能做静态MAC绑定, 就不能有效地预防ARP病毒的攻击。

 

  [1] [2] 

[技巧]利用交换机快速查找ARP病毒的攻击源

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Explain the InnoDB Buffer Pool and its importance for performance.Explain the InnoDB Buffer Pool and its importance for performance.Apr 19, 2025 am 12:24 AM

InnoDBBufferPool reduces disk I/O by caching data and indexing pages, improving database performance. Its working principle includes: 1. Data reading: Read data from BufferPool; 2. Data writing: After modifying the data, write to BufferPool and refresh it to disk regularly; 3. Cache management: Use the LRU algorithm to manage cache pages; 4. Reading mechanism: Load adjacent data pages in advance. By sizing the BufferPool and using multiple instances, database performance can be optimized.

MySQL vs. Other Programming Languages: A ComparisonMySQL vs. Other Programming Languages: A ComparisonApr 19, 2025 am 12:22 AM

Compared with other programming languages, MySQL is mainly used to store and manage data, while other languages ​​such as Python, Java, and C are used for logical processing and application development. MySQL is known for its high performance, scalability and cross-platform support, suitable for data management needs, while other languages ​​have advantages in their respective fields such as data analytics, enterprise applications, and system programming.

Learning MySQL: A Step-by-Step Guide for New UsersLearning MySQL: A Step-by-Step Guide for New UsersApr 19, 2025 am 12:19 AM

MySQL is worth learning because it is a powerful open source database management system suitable for data storage, management and analysis. 1) MySQL is a relational database that uses SQL to operate data and is suitable for structured data management. 2) The SQL language is the key to interacting with MySQL and supports CRUD operations. 3) The working principle of MySQL includes client/server architecture, storage engine and query optimizer. 4) Basic usage includes creating databases and tables, and advanced usage involves joining tables using JOIN. 5) Common errors include syntax errors and permission issues, and debugging skills include checking syntax and using EXPLAIN commands. 6) Performance optimization involves the use of indexes, optimization of SQL statements and regular maintenance of databases.

MySQL: Essential Skills for Beginners to MasterMySQL: Essential Skills for Beginners to MasterApr 18, 2025 am 12:24 AM

MySQL is suitable for beginners to learn database skills. 1. Install MySQL server and client tools. 2. Understand basic SQL queries, such as SELECT. 3. Master data operations: create tables, insert, update, and delete data. 4. Learn advanced skills: subquery and window functions. 5. Debugging and optimization: Check syntax, use indexes, avoid SELECT*, and use LIMIT.

MySQL: Structured Data and Relational DatabasesMySQL: Structured Data and Relational DatabasesApr 18, 2025 am 12:22 AM

MySQL efficiently manages structured data through table structure and SQL query, and implements inter-table relationships through foreign keys. 1. Define the data format and type when creating a table. 2. Use foreign keys to establish relationships between tables. 3. Improve performance through indexing and query optimization. 4. Regularly backup and monitor databases to ensure data security and performance optimization.

MySQL: Key Features and Capabilities ExplainedMySQL: Key Features and Capabilities ExplainedApr 18, 2025 am 12:17 AM

MySQL is an open source relational database management system that is widely used in Web development. Its key features include: 1. Supports multiple storage engines, such as InnoDB and MyISAM, suitable for different scenarios; 2. Provides master-slave replication functions to facilitate load balancing and data backup; 3. Improve query efficiency through query optimization and index use.

The Purpose of SQL: Interacting with MySQL DatabasesThe Purpose of SQL: Interacting with MySQL DatabasesApr 18, 2025 am 12:12 AM

SQL is used to interact with MySQL database to realize data addition, deletion, modification, inspection and database design. 1) SQL performs data operations through SELECT, INSERT, UPDATE, DELETE statements; 2) Use CREATE, ALTER, DROP statements for database design and management; 3) Complex queries and data analysis are implemented through SQL to improve business decision-making efficiency.

MySQL for Beginners: Getting Started with Database ManagementMySQL for Beginners: Getting Started with Database ManagementApr 18, 2025 am 12:10 AM

The basic operations of MySQL include creating databases, tables, and using SQL to perform CRUD operations on data. 1. Create a database: CREATEDATABASEmy_first_db; 2. Create a table: CREATETABLEbooks(idINTAUTO_INCREMENTPRIMARYKEY, titleVARCHAR(100)NOTNULL, authorVARCHAR(100)NOTNULL, published_yearINT); 3. Insert data: INSERTINTObooks(title, author, published_year)VA

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

ZendStudio 13.5.1 Mac

ZendStudio 13.5.1 Mac

Powerful PHP integrated development environment

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

Atom editor mac version download

Atom editor mac version download

The most popular open source editor

VSCode Windows 64-bit Download

VSCode Windows 64-bit Download

A free and powerful IDE editor launched by Microsoft

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment