通信人家园

Title: How to resolve ARP attacks on the internal network

Time:  2020-5-19 14:33
Author: audio628     Title: How to resolve ARP attacks on the internal network

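How to resolve ARP attacks on the internal network:
On the layer-3 switch (Huawei used as the example), run the command:
[HW-S5720]dis logbuffer
The query returns the following information:
Detected an IP address collision. (IpAddress=103.210.8.210, LocalMacAddress=cc53-b5ee-2d6b,
LocalInterfaceName=GigabitEthernet0/0/31, LocalVlanId=72, ReceiveMacAddress=008c-fa86-ce90,
ReceiveInterfaceName=GigabitEthernet0/0/18, ReceiveVlanId=72)
Explanation: an IP conflict was detected, with two MACs resolving to the same IP address. First verify which MAC is the correct one, then trace step by step which machine the wrong MAC, 008c-fa86-ce90, is on, and shut down its port.
The specific method for tracing the machine by MAC is as follows (Huawei at layer 3, Cisco at layer 2):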
[Huawei]dis mac-address 008c-fa86-ce90
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/       PEVLAN CEVLAN Port            Type      LSP/LSR-ID
               VSI/SI                                              MAC-Tunnel
-------------------------------------------------------------------------------
008c-fa86-ce90 72          -      -      GE0/0/18        dynamic   0/-
CISCO#show mac address-table address 008c.fa86.ce90
Unicast Entries
 vlan   mac address     type        protocols               port
-------+---------------+--------+---------------------+--------------------
 1845   008c.fa86.ce90   dynamic ip                    GigabitEthernet1/9
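An added example, not part of the original post: a small Python helper that parses the collision message shown above, picks out the side that is not the verified MAC, and prints the lookup command in both the Huawei (xxxx-xxxx-xxxx) and Cisco (xxxx.xxxx.xxxx) notations. The function names are hypothetical, the sample log is the post's message joined onto one line, and the verified MAC is assumed to be supplied by the operator after checking it.

```python
import re

# Constructed sample: the log message from the post, joined onto one line.
SAMPLE_LOG = (
    "Detected an IP address collision. (IpAddress=103.210.8.210, "
    "LocalMacAddress=cc53-b5ee-2d6b, LocalInterfaceName=GigabitEthernet0/0/31, "
    "LocalVlanId=72, ReceiveMacAddress=008c-fa86-ce90, "
    "ReceiveInterfaceName=GigabitEthernet0/0/18, ReceiveVlanId=72)"
)

COLLISION = re.compile(r"Detected an IP address collision\.\s*\((?P<fields>[^)]*)\)")

def mac_hex(mac):
    """Normalise any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def fmt_mac(mac, sep):
    """Render as three groups of four: sep='-' for Huawei, '.' for Cisco."""
    h = mac_hex(mac)
    return sep.join(h[i:i + 4] for i in range(0, 12, 4))

def parse_collisions(text):
    """Return one dict of key/value fields per collision message in text."""
    events = []
    # Logbuffer output wraps long messages, so collapse whitespace first.
    for m in COLLISION.finditer(" ".join(text.split())):
        events.append(dict(kv.strip().split("=", 1) for kv in m["fields"].split(",")))
    return events

def suspect(event, legit_mac):
    """Given the verified MAC, return (mac, interface, vlan) of the other claimant."""
    sides = [(event[p + "MacAddress"], event[p + "InterfaceName"], event[p + "VlanId"])
             for p in ("Local", "Receive")]
    others = [s for s in sides if mac_hex(s[0]) != mac_hex(legit_mac)]
    if len(others) != 1:
        raise ValueError("verified MAC matches neither or both sides; check manually")
    return others[0]

def trace_commands(mac):
    """Lookup commands in the two notations used in the post."""
    return ["display mac-address " + fmt_mac(mac, "-"),
            "show mac address-table address " + fmt_mac(mac, ".")]

if __name__ == "__main__":
    mac, port, vlan = suspect(parse_collisions(SAMPLE_LOG)[0], "cc53-b5ee-2d6b")
    print(mac, port, vlan, *trace_commands(mac), sep="\n")
```

The check in `suspect` refuses to name a port when the verified MAC matches neither side, so a mistyped address does not lead to shutting down the wrong interface.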





