回答满意否作者: darkradx 时间: 2008-2-13 23:28 1.你真的弄明白防火墙了吗
2.别迷信windows的arp -s, 一个arp包就把它刷新了, 绑定不了的
3.进阶知识, 下面是我很久很久以前改的支持挡arp的ndis_fw防火墙配置语句:
--------------------------------
deny arp in from 218.194.38.88 to any nolog
deny arp in from 218.194.38.1 to 218.194.38.1 ipproto 1
deny arp in from 218.194.38.1 to 218.194.38.88 ipproto 2
#下面arp攻击需要处理
#FreeARP Request from 218.194.38.88(host1) to 218.194.38.88(broad) proto 1
#FreeARP Reply from 218.194.38.88(host2) to 218.194.38.88(host1/broad) proto 2
#ARPspoof from 218.194.38.1 to 218.194.38.1 proto 1
#ARPspoof from 218.194.38.1 to 218.194.38.88 proto 2
#ARPspoof from 218.194.38.88 to 218.194.38.1 proto 2
#第5条不能用firewall,而应该用sendarp
----------------------------------------作者: sugarsuper 时间: 2008-3-1 11:48 标题: 请教