QNO VPN QoS User Manual page 203

1x100Mbps WAN + 4x100Mbps Switch LAN + 2xUSB Family & Small Business IPSec VPN Solution

address of 192.168.1.1 is 00-aa-00-62-c6-09". So Host A now knows the MAC address of Host B and can send data to Host B. At the same time, it updates its ARP cache.
Moreover, an ARP virus attack can be briefly described as an internal attack on the PC that corrupts the PC's ARP table. In a LAN, IP addresses are translated into layer-2 physical addresses (MAC addresses) through the ARP protocol, so ARP is critical to network security. ARP cheating is carried out with fake IP addresses and MAC addresses, and the massive ARP traffic it generates will block the network. The fake source sends ARP responses carrying its MAC address, attacking the ARP cache mechanism.
This usually happens to cyber cafe users. Some or all devices in the shop experience temporary disconnection or fail to go online. Restarting the device resolves it; however, the problem recurs shortly after. Cafe administrators can use the arp -a command to check the ARP table. If the IP and MAC shown for the device have changed, it is the typical symptom of an ARP virus attack.
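The arp -a check described above can be scripted. The following is an added example, not part of the Qno manual: it parses Windows arp -a output and reports a gateway entry that differs from a recorded known-good MAC, and goes one step beyond the text by also reporting a MAC claimed by several IPs. The function names, the sample tables and the host 192.168.1.23 are constructed for illustration.

```python
import re
from collections import defaultdict

# Entry rows of Windows `arp -a` output: IP address, MAC address, type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.IGNORECASE | re.MULTILINE)

def parse_arp_table(text):
    """Return {ip: mac} for the unicast entries in `arp -a` output."""
    table = {}
    for ip, mac, _kind in ROW.findall(text):
        mac = mac.lower()
        # Broadcast and IPv4 multicast MACs are shared legitimately; skip them.
        if mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue
        table[ip] = mac
    return table

def check_arp_table(text, gateway_ip, known_gateway_mac):
    """Return findings: changed gateway MAC, or one MAC claimed by several IPs."""
    table, findings = parse_arp_table(text), []
    expected, seen = known_gateway_mac.lower(), table.get(gateway_ip)
    if seen is None:
        findings.append(f"gateway {gateway_ip} is not in the ARP cache")
    elif seen != expected:
        findings.append(f"gateway {gateway_ip} maps to {seen}, expected {expected}")
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # can also be proxy ARP, so treat as a lead to verify
            findings.append(f"{mac} is claimed by {', '.join(sorted(ips))}")
    return findings

# Constructed samples. The gateway IP and MAC are the ones quoted in the text;
# 192.168.1.23 and its MAC are made up for illustration.
HEADER = "Interface: 192.168.1.100 --- 0xb\n  Internet Address      Physical Address      Type\n"
CLEAN = HEADER + """\
  192.168.1.1           00-aa-00-62-c6-09     dynamic
  192.168.1.23          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
SPOOFED = CLEAN.replace("00-aa-00-62-c6-09", "00-11-22-33-44-55")

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("spoofed", SPOOFED)):
        print(name, check_arp_table(sample, "192.168.1.1", "00-AA-00-62-C6-09"))
```

The known-good gateway MAC has to be recorded while the network is healthy, for example from the label or status page of the device itself.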
A virus program such as PWSteal.Lemir or one of its variants is a worm virus among the Trojan programs affecting Windows 95/98/Me/NT/2000/XP/2003. There are two attack methods that affect the network connection speed: cheating the ARP table in the device, or cheating the ARP table in the LAN PC. The former intercepts the gateway data and ceaselessly sends a series of wrong MAC messages to the device, which then sends data out to the wrong MAC address. The PC thus cannot receive the messages. The latter is an ARP attack by fake gateways: a fake gateway is established, and the cheated PC sends data to this gateway instead of going online through the normal device. From the PC end, the situation appears as "disconnection".
For these two situations, setup must be done on both the device and the client to prevent ARP virus attacks; this is what guarantees complete resolution of the issue. When selecting a device, it is advised to consider one with anti-ARP virus attack protection. Qno products come with such a feature, which is very user-friendly compared to other products.
2. ARP Diagnostic
If one or more computers are affected by the ARP virus, we must learn how to diagnose the problem and take appropriate measures. The following is experience shared by Qno technical engineers with regard to ARP prevention.
From the ARP working principle, it is known that if the ARP cache is changed and the device is constantly notified with a series of erroneous IP addresses, or if there is cheating by a fake gateway, then disconnection will affect a great number of devices. This is the typical ARP attack. It is very easy to judge whether there is an ARP attack. Once users find the PC where the problem occurs, they may enter the DOS prompt and ping the LAN IP to check for packet loss. Enter ping 192.168.1.1 (Gateway IP address) as illustrated.