What can 360ARP firewall do?

Time: 2017-06-13  Source: Huajun Information  Author: blue thin mushroom

 

ARP

ARP (Address Resolution Protocol) is a protocol that converts IP addresses into physical addresses. There are two ways to map from IP addresses to physical addresses: tabular and non-tabular. Specifically, ARP resolves a network-layer address (the IP layer, equivalent to layer 3 of the OSI model) into a MAC address at the data link layer (the MAC layer, equivalent to layer 2 of the OSI model).

ARP principle: When machine A wants to send a message to host B, it first queries its local ARP cache table. If it finds the MAC address corresponding to B's IP address, it transmits the data. If not, A broadcasts an ARP request message (carrying host A's IP address Ia and physical address Pa) asking the host with IP address Ib to reply with its physical address Pb. All hosts on the network, including B, receive the ARP request, but only host B recognizes its own IP address, so it sends an ARP response message containing B's MAC address back to host A. When A receives B's response, it updates its local ARP cache and then uses this MAC address to send data (the MAC address is appended by the network card). The locally cached ARP table is therefore the basis for communication on the local network, and this cache is dynamic.

What is the principle of ARP attack and what is its impact?

Is your network frequently disconnected or IP conflicts often occur?

Are you worried about communication data being monitored (such as MSN, QQ, EMAIL)?

Does your server often suffer from ARP spoofing and Trojans implanted by hackers?

Are you suffering from various ARP attack software (such as Network Law Enforcement Officer, Network Scissorhands, LAN Terminator)?

The root cause of all the above problems is ARP spoofing (ARP attack). Without ARP spoofing, data flows like this: gateway <-> local machine. After ARP spoofing, data flows like this: gateway <-> attacker ("network management") <-> local machine. All communication data between the local machine and the gateway flows through the attacker ("network management"), so "being at the mercy of others" is inevitable.

Still don't understand after all that?

The above is all technical terminology. If you don't follow it, you can think of it like this:

In the local area network, a computer infected with an ARP Trojan disguises itself as the router and tells all the other computers, "I am the router; everyone send your traffic to me." The other computers believe it, so it can send modified network data to all of them at will, and programs capable of stealing accounts can be inserted into that data.

An ARP attack wants to steal my account, plant a Trojan horse on my machine, and send me advertisements, but why does the connection keep dropping?

To put it simply, with a metaphor:

The Trojan-infected computer pretends to be the router and temporarily "knocks out" the real router to deceive everyone. After a while the real router "wakes up" and everyone returns to its embrace. The network drops during each of these switches, so the stronger the ARP attack, the more frequent the disconnections. The real router and the fake one are fighting each other. Haha.

Can 360ARP firewall prevent the above attacks? Does it conflict with other firewalls?

By intercepting ARP attack packets at the system kernel layer, 360ARP firewall ensures that the gateway's correct MAC address is not tampered with, so data flows in the correct direction without passing through a third party. This keeps communication data secure and out of a third party's control, keeps the network running smoothly, and perfectly solves the problem of ARP attacks in the local area network.

* Kernel layer intercepts ARP attacks.

Intercepts external ARP attack packets at the system kernel layer to protect the system from ARP spoofing and ARP attacks, keeping the network smooth and communication secure. Because interception happens in the kernel, the running speed of the machine is not affected in any way.

* Track attackers.

After an attack is discovered, the attacker's IP address and machine name are located automatically (this may not succeed under some network conditions).

* ARP cache protection.

Prevents malicious attack programs from tampering with the local ARP cache.
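
The gateway check described above can be illustrated with a small user-space sketch. This is an added example, not 360's code; the pinned gateway address, the sample MAC addresses and the function names are all constructed for illustration. It parses an ARP frame, refuses any frame that claims the gateway's IP with a MAC other than the pinned one, and reports the offending MAC as the starting point for tracing the attacking machine.

```python
import struct

# Constructed values for illustration; a real deployment pins the gateway's true MAC.
PINNED = {"192.168.1.1": "00:11:22:33:44:55"}   # gateway IP -> trusted MAC

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)
def _ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return the ARP fields of an Ethernet/IPv4 ARP frame, or None if it is not one."""
    if len(frame) < 42:
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:                       # EtherType for ARP
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": _mac(eth_src), "op": op,
            "sender_mac": _mac(sha), "sender_ip": _ip(spa)}

def check_frame(frame, pinned=PINNED):
    """Decide whether an incoming frame may update the ARP cache."""
    arp = parse_arp(frame)
    if arp is None:
        return ("ignore", "not an IPv4-over-Ethernet ARP frame")
    if arp["eth_src"] != arp["sender_mac"]:       # heuristic: headers disagree
        return ("drop", f"frame sent by {arp['eth_src']} but ARP sender is {arp['sender_mac']}")
    trusted = pinned.get(arp["sender_ip"])
    if trusted is not None and arp["sender_mac"] != trusted:
        # The offending MAC is the lead for locating the attacking machine.
        return ("drop", f"{arp['sender_ip']} claimed by {arp['sender_mac']}, pinned to {trusted}")
    return ("accept", f"{arp['sender_ip']} is at {arp['sender_mac']}")

def build_frame(op, src_mac, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed in-memory sample frame (test input only, never sent)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(p) for p in s.split("."))
    return (m(target_mac) + m(src_mac) + struct.pack("!H", 0x0806) +
            struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) +
            m(sender_mac) + i(sender_ip) + m(target_mac) + i(target_ip))

if __name__ == "__main__":
    me = ("aa:bb:cc:00:00:01", "192.168.1.50")
    for mac in ("00:11:22:33:44:55", "de:ad:be:ef:00:02"):   # genuine, then forged
        print(check_frame(build_frame(2, mac, mac, "192.168.1.1", *me)))
```
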
