|
贊助商連結 Hendry 2006-11-17, 08:50 PM 區網內某一台電腦一直出現IP重複的訊息!!改了IP不到1分鐘又會出現該訊息! 不曉得ARP的攻擊是否會有這樣的情形?或是硬體的問題? 若是ARP攻擊要如何找出發出攻擊的PC? GATEWAY:192.168.0.1 (IP 分享器) 子網路遮罩:255.255.255.0 DNS:168.95.1.1 網內約10台電腦,IP分享器沒開DHCP,全部手動打192.168.0.XX 另外只要那台電腦一關,就會有另外一台出現IP重複訊息,改了一樣沒用....:confused: 贊助商連結 lamina 2006-11-17, 09:58 PM 試試 WinArpAttacker 英文 readme.rxt 摘要.... 1.3 Detect -. What is the most important function, it can detect almost all attacking actions metioned as above as well as host status. the event WinArpAttacker can detect is listed as following: SrcMac_Mismath - Host sent an arp packet, its src_mac doesn't match,so the packet will be ignored. DstMac_Mismath - Host recv an arp packet, its dst_mac doesn't match,so the packet will be ignored. Arp_Scan - Host is scanning the lan by arp request for a hosts list. Arp_Antisniff_Scan - Host is scanning the lan for sniffing host,thus the scanner can know who is sniffing. Host_Online - Host is online now. Host_Modify_IP - Host modified its ip to or added a new IP. Host_Modify_MAC - Host modified its mac address. New_Host - New gost was found. Host_Add_IP - Host added a new ip address. Multi_IP_Host - Host has multi-ip addresses. Multi_Mac_Host - Host has multi-mac addresses. Attack_Flood - Host sends a lot of arp packets to another host ,so the target computer maybe slow down. Attack_Spoof - Host sends special arp packets to sniff the data two targets , so the victims' data exposed. Attack_Spoof_Lan - Host lets all host on the lan believe that it's just a gateway, so the intruder can sniff all hosts' data to the real gateway. Attack_Spoof_Ban_Access - Host told host that host has a inexist mac,so the targets can't communicate with each other. Attack_Spoof_Ban_Access_GW - Host told host that the gateway has a inexist mac, so the target can't access the internet through the gateway. Attack_Spoof_Ban_Access_Lan - Host broadcast host's mac as a inexist mac, so the target can't communicate with all hosts on the lan. Attack_IP_Conflict - Host found another host has same ip as its, so the target would be disturbed by ip conflict messages. Local_Arp_Entry_Change - now WinArpAttacker can watch local arp entry, when a host's mac address in local arp table is changed, WinArpAttacker can report. Local_Arp_Entry_Add - When a mac address of a host is added to local arp table, WinArpAttacker can report. -. It can explain each event which WinArpAttacker detected. -. It can save events to file. Hendry 2006-11-17, 11:12 PM 感謝lamina~這套軟體很不錯^^ 但是小弟用NetCut 2.0去attact網內其他台電腦,在軟體中的ActHost似乎查不到發出攻擊的電腦@@? 他都顯示0.0.0.0 這樣來說就只能從ArpSQ的流量來猜測攻擊的電腦了嗎? 門神 2006-11-18, 04:40 PM 最簡單的方法 拔線插線 !! |
|
|