C114门户论坛百科APPEN| 举报 切换到宽版

亚星游戏官网

 找回密码
 注册

只需一步,快速开始

短信验证,便捷登录

搜索
查看: 2285|回复: 0

[技术讨论] 内网ARP攻击的解决办法 [复制链接]

军衔等级:

亚星游戏官网-yaxin222  新兵

注册:2012-2-13
发表于 2020-5-19 14:33:33 |显示全部楼层
内网ARP攻击的解决办法:
在三层交换机(以HUAWEI举例)上使用命令:
[HW-S5720]dis logbuffer
查询得到如下信息:Detected an IP address collision. (IpAddress=103.210.8.210, LocalMacAddress=cc53-b5ee-2d6b,
LocalInterfaceName=GigabitEthernet0/0/31, LocalVlanId=72, ReceiveMacAddress=008c-fa86-ce90,
ReceiveInterfaceName=GigabitEthernet0/0/18, ReceiveVlanId=72)
说明:检测到IP冲突,两个MAC解析同一个IP地址,先核实正确MAC,然后一步一步查询错误的MAC:008c-fa86-ce90在哪台机器,关闭其端口即可
MAC追踪机器的具体方法如下(三层HUAWEI,二层思科):
[Huawei]dis mac-address 008c-fa86-ce90
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI MAC-Tunnel
-------------------------------------------------------------------------------
008c-fa86-ce90 72 - - GE0/0/18 dynamic 0/-
CISCO#show mac address-table address 008c.fa86.ce90
Unicast Entries
vlan mac address type protocols port
-------+---------------+--------+---------------------+--------------------
1845 008c.fa86.ce90 dynamic ip GigabitEthernet1/9

举报本楼

您需要登录后才可以回帖 登录 | 注册 |

手机版|C114 ( 沪ICP备12002291号-1 )|联系大家 |网站地图  

GMT+8, 2024-11-19 05:50 , Processed in 0.106673 second(s), 15 queries , Gzip On.

Copyright © 1999-2023 C114 All Rights Reserved

Discuz Licensed

回顶部
XML 地图 | Sitemap 地图