Method, client terminal, server and system for preventing network attack using ARP

Abstract

The invention discloses a method of preventing a network from being attacked by using an ARP, and also the client terminal and server as well the system of the method; wherein, the methods on the client terminal comprise that sending request on obtaining the addresses list of a gateway to the server, wherein, the addresses list of the gateway is used for recording the IP address of the gateway and corresponding MAC address; making records on the addresses list of the gateway after receiving the addresses list of the gateway for the server responses; using the addresses list of the gateway to renew the ARP cache of a local host computer. The methods applied in the server include: making records of the gateway IP addresses and corresponding MAC addresses inside the addresses list of the gateway preset by the server; sending the preset addresses list of the gateway to the host computers of consumers so as to renew the ARP cache after receiving the requests on obtaining the addresses list of the gateway from the host computers of the consumers. Through adopting the technical scheme of the utility model, the behaviors using ARP to attacking the network can be easily and flexibly as well as effectively avoided.

Description

Technical field [0001] The present invention relates to the field of network technology, and in particular to a method, a client, a server and a system for preventing network attacks using the Address Resolution Protocol (ARP). Background technique [0002] In Ethernet, a logical address (usually an IP address) is used for device identification at the network level, and a physical address (usually a MAC (Media Access Control) address) is used for device identification at the physical level; and in order to realize the communication between different devices The communication requires ARP to resolve the IP address to the MAC address. [0003] Since the ARP protocol did not consider security issues at the beginning of its design, and did not take any security measures such as authentication to the protocol application objects, it is easy to be used for network attacks. Common network attacks include: forging the ARP of another user's IP address to tamper with the ARP record of the ...

AI Technical Summary

Problems solved by technology

[0009] It can be seen that the two-way binding scheme is designed to prevent individual individuals. It not only has high requirements for administrators, but also has high requirements for host users. It requires host users to have a certain computer foundation; at the same time, the configuration workload is heavy, and When the user's IP address changes, it is necessary to synchronize the gateway binding, which has low flexibility.

Therefore, the two-way binding scheme is difficult to implement, and it is difficult to meet the needs of preventing ARP attacks in different application environments

[0010] In addition, in the two-way binding scheme, the determination of the poisoned host is to use the packet capture tool to monitor the data packets in the network. If a large number of ARP request packets or ARP response packets are found to be sent from a certain host, then this host The host is very likely to be poisoned

However, after locating poisoned hosts under the two-way binding scheme, remote management software cannot be used to solve the problem, so there is still the defect of relying on administrators to manually isolate poisoned hosts on site, which increases the workload of administrators

Images