⊙ Tool introduction
The symptoms of computers infected with the Arp spoofing virus (*) are as follows:
As soon as the machine is turned on, it constantly sends Arp fraud messages, that is, sends Arp messages to other machines on the same subnet with a fake network card physical address, and even deceives other machines by pretending to be physical address of the subnet gateway, causing other machines on the network to access the Internet through the virus host. During the switching process from the real gateway to the fake gateway, other machines will be disconnected once. If the virus machine suddenly shuts down or goes offline, other machines will have to search for the real gateway again, and the network will be disconnected again. Therefore, it will cause a certain subnet to have one or more virus machines, which will cause other people to access the Internet intermittently, and in severe cases, the entire network will be paralyzed. In addition to affecting others' access to the Internet, this virus (*) also aims to steal user accounts and passwords (such as accounts and passwords for QQ and online games) on other machines on the same subnet. Moreover, it sends Arp messages, which are of certain secret. If the system resources are not large and there is no antivirus software monitoring, it is not easy for ordinary users to detect. This virus mainly occurs in student dormitories at the beginning of the school year. According to recent investigations, it is now spreading to office areas and faculty and staff residential areas, and is becoming increasingly fierce.
After sampling tests, the Symantec antivirus software Enterprise Edition 10.0 provided by the school can effectively detect and kill known Arp fraud viruses (*s) viruses. Since malware is not clearly defined internationally, no antivirus software can provide a solution that can 100% eliminate its attacks, and it needs to be cleaned up with the help of certain auxiliary tools.
Arp virus prevention and control solutions
In order to reduce the impact of machines infected with Arp spoofing virus (*) on normal machines' Internet access, please statically bind the gateway's IP and physical address. The specific operation is:
When you can access the Internet normally, enter the MS-DOS window and enter the command: arp -a to view the correct physical address corresponding to the gateway’s IP and record it. If you are not sure whether the physical address of the gateway found is the real physical address of the gateway, you can also consult the network center. Create a batch file with the following contents:
@echo off
arp -d
arp -s Gateway IP Gateway Physical Address
(Note that the "gateway IP" and "gateway physical address" in the above batch file should be replaced by the "gateway IP" and "gateway physical address" you found) After saving, run this batch file and drag the batch file to "Windows → Start → Program → Start".
The symptoms of computers infected with the Arp spoofing virus (*) are as follows:
As soon as the machine is turned on, it constantly sends Arp fraud messages, that is, sends Arp messages to other machines on the same subnet with a fake network card physical address, and even deceives other machines by pretending to be physical address of the subnet gateway, causing other machines on the network to access the Internet through the virus host. During the switching process from the real gateway to the fake gateway, other machines will be disconnected once. If the virus machine suddenly shuts down or goes offline, other machines will have to search for the real gateway again, and the network will be disconnected again. Therefore, it will cause a certain subnet to have one or more virus machines, which will cause other people to access the Internet intermittently, and in severe cases, the entire network will be paralyzed. In addition to affecting others' access to the Internet, this virus (*) also aims to steal user accounts and passwords (such as accounts and passwords for QQ and online games) on other machines on the same subnet. Moreover, it sends Arp messages, which are of certain secret. If the system resources are not large and there is no antivirus software monitoring, it is not easy for ordinary users to detect. This virus mainly occurs in student dormitories at the beginning of the school year. According to recent investigations, it is now spreading to office areas and faculty and staff residential areas, and is becoming increasingly fierce.
After sampling tests, the Symantec antivirus software Enterprise Edition 10.0 provided by the school can effectively detect and kill known Arp fraud viruses (*s) viruses. Since malware is not clearly defined internationally, no antivirus software can provide a solution that can 100% eliminate its attacks, and it needs to be cleaned up with the help of certain auxiliary tools.
Arp virus prevention and control solutions
In order to reduce the impact of machines infected with Arp spoofing virus (*) on normal machines' Internet access, please statically bind the gateway's IP and physical address. The specific operation is:
When you can access the Internet normally, enter the MS-DOS window and enter the command: arp -a to view the correct physical address corresponding to the gateway’s IP and record it. If you are not sure whether the physical address of the gateway found is the real physical address of the gateway, you can also consult the network center. Create a batch file with the following contents:
@echo off
arp -d
arp -s Gateway IP Gateway Physical Address
(Note that the "gateway IP" and "gateway physical address" in the above batch file should be replaced by the "gateway IP" and "gateway physical address" you found) After saving, run this batch file and drag the batch file to "Windows → Start → Program → Start".