Use LnS to eliminate ARP spoofing


ARP spoofing is a very annoying attack for servers.

For the sake of illustration, let's first assume a subnet environment:

gateway: IP = IP-1, MAC = 11:11:11:11:11:11

local host (this machine): IP = IP-2, MAC = 22:22:22:22:22:22

host A: IP = IP-A, MAC = AA:AA:AA:AA:AA:AA

host B: IP = IP-B, MAC = BB:BB:BB:BB:BB:BB

host C: IP = IP-C, MAC = CC:CC:CC:CC:CC:CC

For any two hosts in the subnet (the gateway can also be regarded as a host) to communicate normally, each needs to know the other's network card address, the MAC. If one side does not know the other party's MAC, it must perform an ARP query.

ARP query process

In a normal subnet, a full ARP query consists of a broadcast query and a point-to-point response. The query, broadcast to the whole subnet, carries the IP address being looked up. Every network card on the broadcast network receives it and checks whether that IP equals its own: if not, the frame is discarded; if it is equal, the packet is handed to the system kernel (via an interrupt), the kernel calls the card driver to analyse the received packet and builds a response packet back to the querying host, and the querying host, on receiving the response, updates its ARP cache table.

This corresponds to the LnS settings. The communication process requires two rules; taking the MAC of host B as an example:

I 22:22:22:22:22:22 => FF:FF:FF:FF:FF:FF (allow local broadcast)

II 22:22:22:22:22:22 <= BB:BB:BB:BB:BB:BB (allow host B to answer the local host inbound)

Rule notation: => means left to right, <= means right to left, == means two-way.

Note that when you set an LnS rule, the convention is that the source is always on the left and the destination on the right; for a two-way rule, the local machine is on the left and the far end on the right.
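To show how the query process and the two rules above fit together, here is an added example that is not part of the original article or of LnS itself: a small Python model that builds and parses ARP frames, applies the two rules as a MAC whitelist on the Ethernet header (assumed here to be scoped to ARP frames), and runs them over constructed sample traffic for the illustration subnet. The IP addresses are constructed stand-ins for the article's IP-1, IP-2 and IP-B. It also adds one check that goes beyond the article's rules: an allowed reply is compared against a static IP-to-MAC table, so a reply that passes on its Ethernet source but claims the gateway's IP is flagged rather than silently accepted.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for the article's illustration subnet; IP-1, IP-2 and
# IP-B become documentation-range addresses (nothing here refers to a real host).
GATEWAY_MAC = "11:11:11:11:11:11"
NATIVE_MAC = "22:22:22:22:22:22"   # the local machine
HOST_B_MAC = "bb:bb:bb:bb:bb:bb"
HOST_C_MAC = "cc:cc:cc:cc:cc:cc"
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
GATEWAY_IP, NATIVE_IP, HOST_B_IP = "192.0.2.1", "192.0.2.2", "192.0.2.12"

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_arp_frame(src_mac, dst_mac, op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II header followed by an RFC 826 ARP body (IPv4 over Ethernet)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp


@dataclass
class ArpFrame:
    src_mac: str     # Ethernet source: what an LnS MAC rule matches on
    dst_mac: str     # Ethernet destination
    op: int          # 1 = request, 2 = reply
    sender_mac: str  # MAC the ARP body claims for sender_ip
    sender_ip: str


def parse_arp_frame(raw: bytes) -> Optional[ArpFrame]:
    """Decode a frame; None if it is too short or not EtherType 0x0806."""
    if len(raw) < 42 or struct.unpack("!H", raw[12:14])[0] != ETHERTYPE_ARP:
        return None
    return ArpFrame(
        src_mac=mac_str(raw[6:12]),
        dst_mac=mac_str(raw[0:6]),
        op=struct.unpack("!H", raw[20:22])[0],
        sender_mac=mac_str(raw[22:28]),
        sender_ip=".".join(str(b) for b in raw[28:32]),
    )


# The article's two rules as (local side, far side, direction):
# "=>" local to far, "<=" far to local, "==" both directions.
RULES = [
    (NATIVE_MAC, BROADCAST_MAC, "=>"),  # I: allow our own ARP broadcasts out
    (NATIVE_MAC, HOST_B_MAC, "<="),     # II: allow host B to answer us inbound
]

# Static IP -> MAC bindings we expect on this subnet (added check, see classify).
EXPECTED_BINDINGS = {GATEWAY_IP: GATEWAY_MAC, HOST_B_IP: HOST_B_MAC}


def rule_allows(rule, src_mac: str, dst_mac: str) -> bool:
    local, far, direction = rule
    outbound = src_mac == local and dst_mac == far
    inbound = src_mac == far and dst_mac == local
    return (direction in ("=>", "==") and outbound) or (direction in ("<=", "==") and inbound)


def classify(raw: bytes, rules=RULES, bindings=EXPECTED_BINDINGS) -> str:
    """Verdict for one frame: 'drop:*', 'allow', or 'alert:*' for an allowed but suspect reply."""
    frame = parse_arp_frame(raw)
    if frame is None:
        return "drop:not-arp"   # non-ARP frames are outside these rules
    if not any(rule_allows(r, frame.src_mac, frame.dst_mac) for r in rules):
        return "drop:no-rule"   # default deny, as a MAC whitelist implies
    # Added check beyond the LnS rules: a reply that passed on its Ethernet
    # source must also carry the IP -> MAC binding we expect for that IP.
    expected = bindings.get(frame.sender_ip)
    if frame.op == ARP_REPLY and expected is not None and frame.sender_mac != expected:
        return "alert:binding-mismatch"
    return "allow"


# Constructed sample traffic, one frame per scenario.
SAMPLE_FRAMES = {
    "local host queries B": build_arp_frame(
        NATIVE_MAC, BROADCAST_MAC, ARP_REQUEST, NATIVE_MAC, NATIVE_IP, "00:00:00:00:00:00", HOST_B_IP),
    "B answers local host": build_arp_frame(
        HOST_B_MAC, NATIVE_MAC, ARP_REPLY, HOST_B_MAC, HOST_B_IP, NATIVE_MAC, NATIVE_IP),
    "C answers claiming the gateway IP": build_arp_frame(
        HOST_C_MAC, NATIVE_MAC, ARP_REPLY, HOST_C_MAC, GATEWAY_IP, NATIVE_MAC, NATIVE_IP),
    "reply from B's MAC with gateway binding": build_arp_frame(
        HOST_B_MAC, NATIVE_MAC, ARP_REPLY, HOST_B_MAC, GATEWAY_IP, NATIVE_MAC, NATIVE_IP),
}


def run_samples() -> dict:
    return {name: classify(raw) for name, raw in SAMPLE_FRAMES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{verdict:24} {name}")
```

The first two samples are exactly the exchange the article describes (our broadcast out, host B's answer in) and pass. The third is a reply from host C, which no rule covers, so the MAC whitelist drops it before the ARP cache is ever touched. The fourth shows the limit of matching on the Ethernet source alone: it passes rule II, and only the added binding table notices that the reply binds the gateway's IP to a different MAC than expected.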

As long as any step of the query process is cut off, the query fails. For example, someone comes to your company to collect a debt; for all kinds of reasons the secretary does not pass the collector's request on to the general manager, and even if they do meet, the general manager.

