Solution To Arp Attacks In Campus Network - Zte ZXR10 2900E series Configuration Manual

Easy-maintenance secure switch

Solution
The engineers of company B changed the shared key to "amtium", and the problem was solved
completely.

7.3.9 Solution to ARP Attacks in Campus Network

Symptom
Eleven ZXR10 2900E access layer switches in the same VLAN in a student dormitory
building could not connect to the network. 40% of users in this building failed to access the
Internet.
Fault Analysis
After checking the network management system, maintenance engineers found that the
eleven switches were disconnected and could not be pinged. The maintenance engineers
went to the low-voltage cable shaft in which four of the switches were installed, accessed the
switch whose IP address was 172.168.0.123 through HyperTerminal, and found that its CPU
usage had reached 93%–100%. The maintenance engineers checked the alarm information
and configuration information, but no exception was found. The maintenance engineers
then accessed the convergence layer switch T40G and found an alarm "port 4 receives
too many ARP broadcast packets". After checking the traffic on this port, the maintenance
engineers found that the broadcast packet count increased by about 100,000 every ten seconds.
After analyzing the ZXR10 2900E connected to the port, the maintenance engineers found
the following conditions:
1. There was a loop on the user side.
2. A user's computer was infected by a virus and sent broadcast packets continuously.
3. A user's computer had ARP attack software installed and sent ARP attack
packets continuously.
The IP address of the ZXR10 2900E connected to the port was 172.168.0.111. The
maintenance engineers connected to the switch through a network cable and captured
packets. After analyzing the packets, the maintenance engineers found that a computer
with the MAC address "00:19:e0:a9:5a:fc" sent ARP broadcast packets continuously.
Based on the label on the network cable, the computer was in room 2606. After the
maintenance engineers removed its network cable, the eleven switches returned to normal
and CPU utilization was no more than 5%.
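
The capture analysis described above can be scripted. The following is an added example, not part of the ZTE manual: it counts ARP broadcast frames per source MAC in ten-second windows and reports sources above a threshold. The capture format (a list of timestamp and raw frame pairs), the threshold of 1000, the sender IP addresses and the second MAC address are assumptions constructed for illustration.

```python
import struct
from collections import Counter, defaultdict

BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806

def parse_arp_broadcast(frame):
    """Return the source MAC of an IPv4-over-Ethernet ARP broadcast frame, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP payload
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP or dst != BROADCAST:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ":".join(f"{b:02x}" for b in src)

def find_flooders(capture, window=10, threshold=1000):
    """capture: iterable of (seconds, frame). Returns {mac: peak count in one window}."""
    per_window = defaultdict(Counter)
    for ts, frame in capture:
        src = parse_arp_broadcast(frame)
        if src:
            per_window[int(ts // window)][src] += 1
    peaks = Counter()
    for counts in per_window.values():
        for mac, n in counts.items():
            peaks[mac] = max(peaks[mac], n)
    return {mac: n for mac, n in peaks.items() if n > threshold}

def make_arp_request(src_mac, src_ip, target_ip):
    """Build a broadcast ARP request frame (used only for the constructed sample)."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                      src_mac, src_ip, b"\x00" * 6, target_ip)
    return BROADCAST + src_mac + struct.pack("!H", ETHERTYPE_ARP) + arp

def sample_capture():
    """Constructed capture: one flooding host (MAC from the text) and one normal host."""
    noisy = bytes.fromhex("0019e0a95afc")
    quiet = bytes.fromhex("020000000001")  # made-up MAC
    cap = [(i / 200, make_arp_request(noisy, bytes([172, 168, 0, 50]),
                                      bytes([172, 168, 0, i % 254 + 1])))
           for i in range(4000)]  # 200 requests per second for 20 seconds
    cap += [(t, make_arp_request(quiet, bytes([172, 168, 0, 60]), bytes([172, 168, 0, 1])))
            for t in (1.0, 12.0, 19.5)]
    return cap

if __name__ == "__main__":
    for mac, n in find_flooders(sample_capture()).items():
        print(f"{mac}: peak of {n} ARP broadcasts in one 10 s window")
```
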
Solution
1. Filter out the MAC address of the computer on the access layer switch and prohibit it
from accessing the Internet.
2. Notify the central equipment room of the school to prohibit the computer from
accessing the Internet until its hard disk has been formatted and the system reinstalled.
3. Install an ARP virus removal tool on all computers.
SJ-20130731155059-002|2013-11-27 (R1.0)
7-9
ZTE Proprietary and Confidential
Chapter 7 Maintenance
