ChinaLinux Forum's Archiver

pinkfloyd posted on 2008-10-18 08:47

ARP attack, continued: looking for an explanation of these symptoms.

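ARP attack, continued
Symptom 1:
Checking from Windows, I found that the Linux machines on the LAN cannot be scanned. Also, the MAC address 08:10:74:11:2D:90 that has been causing trouble does not show up either. But the machines keep being attacked by 08:10:74:11:2D:90.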
D:\nbtscan>nbtscan.exe 192.168.74.0/24/24
Doing NBT name scan for addresses from 192.168.74.0/24/24
192.168.74.189  PC-7493228        <server>  <unknown>        00-1d-60-21-59-84
192.168.74.200  Recvfrom failed: Connection reset by peer
192.168.74.203  NANWAIKE-01      <server>  <unknown>        00-1d-60-21-65-48
192.168.74.212  VIP2              <server>  <unknown>        00-1d-60-21-78-fb
192.168.74.214  NVXINDIAN-01      <server>  <unknown>        00-1d-60-21-5e-5f


Symptom 2:
On Linux, the ifconfig command shows the MAC as 00:15:17:11:43:14, which is also correct.
[root@localhost ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:15:17:11:43:14
          inet addr:192.168.74.200  Bcast:192.168.74.255  Mask:255.255.255.0
          inet6 addr: fe80::215:17ff:fe11:4314/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8845587 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11652203 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1033580833 (985.6 MiB)  TX bytes:15025014683 (13.9 GiB)
          Base address:0x3020 Memory:b8820000-b8840000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:82470094 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82470094 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:220058363509 (204.9 GiB)  TX bytes:220058363509 (204.9 GiB)

Symptom 3:
Testing with the arping command on Linux. I finally found a trace of the MAC 08:10:74:11:2D:90.

[root@localhost ~]# arping -U -I eth0 -s 192.168.74.200 192.168.74.65 -c 5
ARPING 192.168.74.65 from 192.168.74.200 eth0
Unicast reply from 192.168.74.65 [08:10:74:11:2D:90]  0.838ms
Unicast reply from 192.168.74.65 [08:10:74:11:2D:90]  0.764ms
Unicast reply from 192.168.74.65 [08:10:74:11:2D:90]  0.780ms
Unicast reply from 192.168.74.65 [08:10:74:11:2D:90]  0.775ms
Sent 5 probes (1 broadcast(s))
Received 4 response(s)
[root@localhost ~]#


Questions:
Where is the MAC address 08:10:74:11:2D:90?
Has the Linux machine been infected?
What does the arping command actually test?
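
An added example, not part of the original post: it merges nbtscan and arping output into one IP-to-MAC table, lists which IPs answered with a given MAC, and flags any IP answered by more than one MAC. The sample lines are copied from the post's sessions except `CONSTRUCTED_REPLY`, which is made up for the conflict case; the function names are this example's own.

```python
import re
from collections import defaultdict

MAC = r"((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

# Lines copied from the post's nbtscan and arping sessions.
NBTSCAN_OUT = """\
192.168.74.189  PC-7493228        <server>  <unknown>        00-1d-60-21-59-84
192.168.74.200  Recvfrom failed: Connection reset by peer
192.168.74.203  NANWAIKE-01      <server>  <unknown>        00-1d-60-21-65-48
"""
ARPING_OUT = """\
ARPING 192.168.74.65 from 192.168.74.200 eth0
Unicast reply from 192.168.74.65 [08:10:74:11:2D:90]  0.838ms
Unicast reply from 192.168.74.65 [08:10:74:11:2D:90]  0.764ms
"""
# Constructed line (not from the post): a second MAC answering for the same IP.
CONSTRUCTED_REPLY = "Unicast reply from 192.168.74.65 [02:00:00:00:00:01]  0.9ms\n"

def norm(mac):
    """Normalise 00-1d-60-.. and 00:1D:60:.. to one upper-case colon form."""
    return mac.replace("-", ":").upper()

def parse_scan(text):
    """Return {ip: set(macs)} from nbtscan rows and arping reply lines."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = (re.search(r"reply from " + IP + r" \[" + MAC + r"\]", line)
             or re.match(r"\s*" + IP + r"\s.*\s" + MAC + r"\s*$", line))
        if m:  # rows without a MAC (e.g. "Recvfrom failed") are skipped
            seen[m.group(1)].add(norm(m.group(2)))
    return dict(seen)

def ips_for_mac(table, mac):
    """IPs that answered with the given MAC, in either notation."""
    return sorted(ip for ip, macs in table.items() if norm(mac) in macs)

def conflicts(table):
    """IPs answered by more than one MAC, i.e. two senders claim one address."""
    return {ip: sorted(macs) for ip, macs in table.items() if len(macs) > 1}

if __name__ == "__main__":
    table = parse_scan(NBTSCAN_OUT + ARPING_OUT + CONSTRUCTED_REPLY)
    print("08:10:74:11:2D:90 seen at:", ips_for_mac(table, "08:10:74:11:2D:90"))
    print("conflicting IPs:", conflicts(table))
```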
