This article covers:
1. Using the arp command on Linux and Windows;
2. The format of the /etc/ethers file;
3. A method for preventing IP address theft.
_________________
※※※※※※※※※※※※※※※※※※※※
Hand in hand
cnhero@163.com
http://www.cn-cio.org
My experiment in preventing IP address theft
I. On the Linux gateway (GW):
[root@iwfw root]# arp -a
? (192.168.10.189) at 00:50:04:BE:14:13 [ether] PERM on eth1
? (172.18.88.1) at 00:10:B2:4C:7F:B8 [ether] PERM on eth0
[root@iwfw root]# arp -a > ethers
Next, edit the ethers file so that each line has the format: MAC IP
For example:
00:50:04:BE:14:13 192.168.10.189
[root@iwfw root]# vi ethers
00:50:04:BE:14:13 192.168.10.189
00:00:00:00:00:00 192.168.10.188
00:00:00:00:00:00 192.168.10.187
00:10:B2:4C:7F:B8 172.18.88.1
~
Above, I also bound two unused IP addresses to a non-existent MAC address.
Next, load the contents of this file into the ARP cache:
[root@iwfw root]# arp -f ethers
[root@iwfw root]# arp -a
? (192.168.10.187) at 00:00:00:00:00:00 [ether] PERM on eth1
? (192.168.10.188) at 00:00:00:00:00:00 [ether] PERM on eth1
? (192.168.10.189) at 00:50:04:BE:14:13 [ether] PERM on eth1
? (172.18.88.1) at 00:10:B2:4C:7F:B8 [ether] PERM on eth0
[root@iwfw root]#
******************************
II. On Windows XP, open the cmd command-line interface:
Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.
###### Ping the gateway to test whether the network is reachable
C:\Documents and Settings\baby>ping 192.168.10.1
Pinging 192.168.10.1 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time<1ms TTL=64
Reply from 192.168.10.1: bytes=32 time<1ms TTL=64
Reply from 192.168.10.1: bytes=32 time<1ms TTL=64
Reply from 192.168.10.1: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.10.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
###### Windows XP also has the arp -a command; use it to query the ARP cache
C:\Documents and Settings\baby>arp -a
Interface: 192.168.10.189 --- 0x10005
Internet Address Physical Address Type
192.168.10.1 00-e0-4c-e3-81-cd dynamic
###### View the Windows XP network connection settings; besides the IP address you can also see the MAC address
C:\Documents and Settings\baby>ipconfig -all
Windows IP Configuration
Host Name . . . . . . . . . . . . : jzj-yrdoh2k26vo
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter 本地连接:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC
(3C905B-TX)
Physical Address. . . . . . . . . : 00-50-04-BE-14-13
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.189
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 211.93.80.129
###### We change the IP address to 192.168.10.188 and ping the gateway to test whether the network is reachable
C:\Documents and Settings\baby>ping 192.168.10.1
Pinging 192.168.10.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 61.243.188.150:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
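###### As you can see, the network is blocked. Now change the address back to the original 192.168.10.189 and test again; the Linux gateway lets the traffic through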
C:\Documents and Settings\baby>ping 192.168.10.1
Pinging 61.243.188.150 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time<1ms TTL=62
Reply from 192.168.10.1: bytes=32 time<1ms TTL=62
Reply from 192.168.10.1: bytes=32 time<1ms TTL=62
Reply from 192.168.10.1: bytes=32 time<1ms TTL=62
Ping statistics for 192.168.10.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
******************************
#############
#############
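III. Conclusion of the experiment:
Using an ethers file with the contents
00:50:04:BE:14:13 192.168.10.189
00:00:00:00:00:00 192.168.10.188
and loading it into the ARP cache with the command
#arp -f ethers
is a good way to prevent users from changing a workstation's IP settings on their own.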
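The hand edit of the ethers file in section I, and a later check that the gateway's cache still matches it, can be scripted. The following is an added example, not part of the original post: shell functions that turn `arp -a` output into the `MAC IP` format, emit null-MAC bindings for unused addresses, and report any bound IP whose cache entry has drifted. The function names are made up for this example, and it assumes the net-tools `arp -a` line format shown above and an awk on the gateway.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# arp -a lines ("? (IP) at MAC [ether] PERM on ethX") on stdin -> "MAC IP" lines.
# Entries without a valid MAC (e.g. "<incomplete>") are skipped.
arp_to_ethers() {
    awk '
    function is_mac(m,   p, n, i) {
        n = split(m, p, ":")
        if (n != 6) return 0
        for (i = 1; i <= 6; i++) if (p[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) return 0
        return 1
    }
    $3 == "at" && is_mac($4) { ip = $2; gsub(/[()]/, "", ip); print toupper($4), ip }'
}

# Print a null-MAC binding for every IP in $2..$n that ethers file $1 does not list.
block_unused() {
    file=$1; shift
    for ip in "$@"; do
        awk -v ip="$ip" '$2 == ip { found = 1 } END { exit !found }' "$file" ||
            echo "00:00:00:00:00:00 $ip"
    done
}

# Compare arp -a output on stdin with ethers file $1 and print each drifted entry.
# Exit status is non-zero if a bound IP shows a different MAC or is not PERM.
check_bindings() {
    awk -v ethers="$1" '
    BEGIN { while ((getline line < ethers) > 0) { split(line, f, " "); want[f[2]] = toupper(f[1]) } }
    $3 == "at" {
        ip = $2; gsub(/[()]/, "", ip)
        if (!(ip in want)) next
        if (toupper($4) != want[ip]) { print "MISMATCH", ip, $4, "expected", want[ip]; bad = 1 }
        else if ($0 !~ / PERM /) { print "NOT-PERMANENT", ip; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Demo on one constructed line in the format shown in the post.
# On the gateway: arp -a | arp_to_ethers > ethers
#                 block_unused ethers 192.168.10.188 192.168.10.187 >> ethers
#                 arp -f ethers && arp -a | check_bindings ethers
printf '%s\n' '? (192.168.10.189) at 00:50:04:BE:14:13 [ether] PERM on eth1' | arp_to_ethers
```

Running `check_bindings` from cron catches the case where the static entries were lost, for example after a reboot, since `arp -f` only changes the running cache.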