雄鹰在飞翔 2007-6-30 17:56
观测不到的arp攻击!
网络环境:网吧局域网 路由上网
症状:部分机器突然掉线 用arp -a命令查不到相同的MAC 用arp -d命令清空arp表后 只可以ping通网关1下 然后还是ping不通!
换个空的IP地址可以继续上网 但原来的IP要过很久才能上 大约是1-5个小时后
网络执法官,欣向arp工具,彩影arp[b]防火墙[/b]单机版 都检测不到任何ARP攻击 但我觉得这是典型的ARP攻击。
(还有个有趣的现象,在ping不通网关的机器上 我不停的打arp -d命令 就可以ping通网关了 要是只打一下arp -d 就只能ping通1下)
【分析接收到的ARP(85:13275)】
ID 开始时间 结束时间 源IP 源MAC 类型 累计
1 2007-05-27 16:22:07 2007-05-27 16:44:08 192.168.0.1 00-0F-E2-36-61-63 非广播-Reply 12781
3 2007-05-27 16:22:14 2007-05-27 16:44:07 192.168.0.1 00-0F-E2-36-61-63 广播-Request 134
15 2007-05-27 16:23:03 2007-05-27 16:23:03 192.168.0.10 00-0D-61-99-1B-62 非广播-Reply 1
57 2007-05-27 16:23:53 2007-05-27 16:23:53 192.168.0.101 00-0D-61-55-77-EA 非广播-Reply 1
16 2007-05-27 16:23:06 2007-05-27 16:23:06 192.168.0.14 00-0D-61-9A-4E-C3 非广播-Reply 1
17 2007-05-27 16:23:06 2007-05-27 16:23:06 192.168.0.15 00-0D-61-9A-53-EB 非广播-Reply 1
59 2007-05-27 16:24:50 2007-05-27 16:24:50 192.168.0.159 00-0D-61-99-27-20 非广播-Reply 1
18 2007-05-27 16:23:07 2007-05-27 16:23:07 192.168.0.17 00-0D-61-93-B7-71 非广播-Reply 1
2 2007-05-27 16:22:07 2007-05-27 16:22:07 192.168.0.188 00-E0-4C-80-FA-4A 非广播-Reply 1
5 2007-05-27 16:22:25 2007-05-27 16:43:38 192.168.0.188 00-E0-4C-80-FA-4A 广播-Request 29
14 2007-05-27 16:23:02 2007-05-27 16:41:18 192.168.0.189 00-50-BA-BA-28-02 广播-Request 13
61 2007-05-27 16:25:18 2007-05-27 16:25:18 192.168.0.189 00-50-BA-BA-28-02 非广播-Reply 1
19 2007-05-27 16:23:08 2007-05-27 16:23:08 192.168.0.19 00-E0-5C-04-0B-4C 非广播-Reply 1
7 2007-05-27 16:22:44 2007-05-27 16:43:01 192.168.0.190 00-11-95-EC-17-6F 广播-Request 34
62 2007-05-27 16:25:18 2007-05-27 16:25:18 192.168.0.190 00-11-95-EC-17-6F 非广播-Reply 1
63 2007-05-27 16:25:22 2007-05-27 16:25:22 192.168.0.195 00-E0-5C-04-08-EA 非广播-Reply 1
8 2007-05-27 16:23:01 2007-05-27 16:23:01 192.168.0.2 00-0D-61-99-1A-C0 非广播-Reply 1
22 2007-05-27 16:23:15 2007-05-27 16:23:21 192.168.0.2 00-0D-61-99-1A-C0 广播-Request 6
20 2007-05-27 16:23:11 2007-05-27 16:23:11 192.168.0.24 00-0D-61-99-0A-3A 非广播-Reply 1
65 2007-05-27 16:27:59 2007-05-27 16:27:59 192.168.0.24 00-0D-61-99-0A-3A 广播-Request 1
21 2007-05-27 16:23:14 2007-05-27 16:23:14 192.168.0.28 00-0D-61-99-0B-F5 非广播-Reply 1
58 2007-05-27 16:24:34 2007-05-27 16:44:04 192.168.0.28 00-0D-61-99-0B-F5 广播-Request 124
0 2007-05-27 16:22:07 2007-05-27 16:31:43 192.168.0.38 00-F0-4C-83-55-00 广播-Request 4
23 2007-05-27 16:23:23 2007-05-27 16:23:23 192.168.0.38 00-F0-4C-83-55-00 非广播-Reply 1
4 2007-05-27 16:22:20 2007-05-27 16:42:25 192.168.0.39 00-F0-4C-83-54-AE 广播-Request 2
24 2007-05-27 16:23:23 2007-05-27 16:23:23 192.168.0.39 00-F0-4C-83-54-AE 非广播-Reply 1
9 2007-05-27 16:23:02 2007-05-27 16:23:02 192.168.0.4 00-0D-61-9A-55-1C 非广播-Reply 1
25 2007-05-27 16:23:23 2007-05-27 16:23:23 192.168.0.40 00-F0-4C-83-55-5F 非广播-Reply 1
64 2007-05-27 16:25:23 2007-05-27 16:43:26 192.168.0.40 00-F0-4C-83-55-5F 广播-Request 11
26 2007-05-27 16:23:23 2007-05-27 16:23:23 192.168.0.41 00-F0-4C-83-55-B4 非广播-Reply 1
27 2007-05-27 16:23:23 2007-05-27 16:23:23 192.168.0.42 00-F0-4C-83-24-75 非广播-Reply 1
6 2007-05-27 16:22:38 2007-05-27 16:23:05 192.168.0.43 00-F0-4C-83-55-B5 广播-Request 4
28 2007-05-27 16:23:23 2007-05-27 16:23:23 192.168.0.43 00-F0-4C-83-55-B5 非广播-Reply 1
29 2007-05-27 16:23:23 2007-05-27 16:23:23 192.168.0.44 00-F0-4C-83-55-FB 非广播-Reply 1
30 2007-05-27 16:23:23 2007-05-27 16:23:23 192.168.0.45 00-F0-4C-83-25-8E 非广播-Reply 1
70 2007-05-27 16:32:23 2007-05-27 16:32:23 192.168.0.45 00-F0-4C-83-25-8E 广播-Request 1
31 2007-05-27 16:23:23 2007-05-27 16:23:23 192.168.0.46 00-F0-4C-83-54-FC 非广播-Reply 1
32 2007-05-27 16:23:23 2007-05-27 16:23:23 192.168.0.47 00-F0-4C-83-54-5D 非广播-Reply 1
33 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.49 00-F0-4C-83-55-52 非广播-Reply 1
10 2007-05-27 16:23:02 2007-05-27 16:23:02 192.168.0.5 00-0D-61-99-12-DA 非广播-Reply 1
34 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.50 00-F0-4C-83-55-01 非广播-Reply 1
60 2007-05-27 16:25:10 2007-05-27 16:25:10 192.168.0.50 00-F0-4C-83-55-01 广播-Request 1
35 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.51 00-F0-4C-83-24-7B 非广播-Reply 1
69 2007-05-27 16:32:16 2007-05-27 16:33:29 192.168.0.51 00-F0-4C-83-24-7B 广播-Request 2
36 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.52 00-F0-4C-83-24-DC 非广播-Reply 1
37 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.53 00-F0-4C-83-54-61 非广播-Reply 1
38 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.54 00-F0-4C-83-54-B1 非广播-Reply 1
66 2007-05-27 16:30:17 2007-05-27 16:37:45 192.168.0.54 00-F0-4C-83-54-B1 广播-Request 6
39 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.55 00-F0-4C-83-54-B0 非广播-Reply 1
40 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.56 00-F0-4C-83-24-7A 非广播-Reply 1
41 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.57 00-F0-4C-83-55-B6 非广播-Reply 1
42 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.58 00-F0-4C-83-24-78 非广播-Reply 1
43 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.59 00-F0-4C-83-54-60 非广播-Reply 1
11 2007-05-27 16:23:02 2007-05-27 16:23:02 192.168.0.6 00-0D-61-99-1A-32 非广播-Reply 1
44 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.60 00-F0-4C-83-55-60 非广播-Reply 1
67 2007-05-27 16:31:10 2007-05-27 16:31:45 192.168.0.60 00-F0-4C-83-55-60 广播-Request 5
45 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.61 00-F0-4C-83-55-5E 非广播-Reply 1
46 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.62 00-F0-4C-83-54-5F 非广播-Reply 1
47 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.63 00-F0-4C-83-10-35 非广播-Reply 1
48 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.64 00-F0-4C-83-55-72 非广播-Reply 1
49 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.65 00-F0-4C-83-24-79 非广播-Reply 1
68 2007-05-27 16:31:24 2007-05-27 16:39:32 192.168.0.65 00-F0-4C-83-24-79 广播-Request 16
50 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.66 00-F0-4C-83-54-5B 非广播-Reply 1
56 2007-05-27 16:23:37 2007-05-27 16:23:58 192.168.0.66 00-F0-4C-83-54-5B 广播-Request 3
51 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.67 00-F0-4C-83-54-5C 非广播-Reply 1
52 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.68 00-F0-4C-82-BF-FC 非广播-Reply 1
53 2007-05-27 16:23:24 2007-05-27 16:23:24 192.168.0.69 00-0D-61-99-1A-DB 非广播-Reply 1
12 2007-05-27 16:23:02 2007-05-27 16:23:02 192.168.0.7 00-0D-61-99-26-E5 非广播-Reply 1
54 2007-05-27 16:23:25 2007-05-27 16:23:25 192.168.0.71 00-0D-61-99-26-E7 非广播-Reply 1
55 2007-05-27 16:23:28 2007-05-27 16:23:28 192.168.0.75 00-0D-61-9A-4E-C5 非广播-Reply 1
13 2007-05-27 16:23:02 2007-05-27 16:23:02 192.168.0.8 00-0D-61-99-0A-46 非广播-Reply 1
71 2007-05-27 16:33:48 2007-05-27 16:33:48 192.168.0.55 00-F0-4C-83-54-B0 广播-Request 1
72 2007-05-27 16:34:23 2007-05-27 16:34:32 192.168.0.46 00-F0-4C-83-54-FC 广播-Request 4
73 2007-05-27 16:34:26 2007-05-27 16:43:07 192.168.0.69 00-0D-61-99-1A-DB 广播-Request 2
74 2007-05-27 16:34:48 2007-05-27 16:35:17 192.168.0.15 00-0D-61-9A-53-EB 广播-Request 5
75 2007-05-27 16:35:12 2007-05-27 16:35:12 192.168.0.49 00-F0-4C-83-55-52 广播-Request 1
76 2007-05-27 16:35:34 2007-05-27 16:36:19 192.168.0.47 00-F0-4C-83-54-5D 广播-Request 4
77 2007-05-27 16:36:05 2007-05-27 16:39:21 192.168.0.26 00-0D-61-99-1B-0B 广播-Request 6
78 2007-05-27 16:36:06 2007-05-27 16:37:33 192.168.0.16 00-0D-61-9A-4F-BE 广播-Request 6
79 2007-05-27 16:36:29 2007-05-27 16:36:54 192.168.0.27 00-0D-61-99-15-44 广播-Request 5
80 2007-05-27 16:38:06 2007-05-27 16:38:06 192.168.0.5 00-0D-61-99-12-DA 广播-Request 1
81 2007-05-27 16:38:55 2007-05-27 16:43:58 192.168.0.25 00-0D-61-99-1F-68 广播-Request 8
82 2007-05-27 16:39:46 2007-05-27 16:39:46 192.168.0.41 00-F0-4C-83-55-B4 广播-Request 1
83 2007-05-27 16:41:41 2007-05-27 16:41:41 192.168.0.44 00-F0-4C-83-55-FB 广播-Request 1
84 2007-05-27 16:43:32 2007-05-27 16:43:32 192.168.0.8 00-0D-61-99-0A-46 广播-Request 1
雄鹰在飞翔 2007-6-30 17:56
如果网络中有个个攻击计算机,一直用你的ip和mac伪装一个syn来攻击网关,而且攻击速度想当快,那么连接你和他的交换机就会认为你连接在攻击者所在的交换端口上(交换机的mac表),网关发送给你的所有数据就会被交换机丢到攻击者所在的端口,你就无法与网络其他设备通讯。
当然你arp -d的一瞬间,可能你又会把这个信息夺回来。但是别人速度很快,你只能通一个包。
现在的交换网络,好像还不能解决这个问题。
如果非要解决的话,不妨换hub试试
