本文介绍了一款名为ipguard的软件,它通过ARP欺骗防护来保护局域网内的IP地址空间。文章详细解释了如何安装该软件并创建必要的配置文件以确保网络的安全。
导读:
软件的名称是ipguard,位置在/usr/ports/security/ipguard。
简短描述是:
“Tool designed to protect LAN IP adress space by ARP spoofing”,
详细描述是:
“ipguard listens network for ARP packets. All permitted MAC/IP pairs
listed in ‘ethers’ file. If it recieves one with MAC/IP pair, which is
not listed in ‘ethers’ file, it will send ARP reply with configured
fake address. This will prevent not permitted host to work properly
in this ethernet segment. Especially Windows(TM) hosts.”
功能就是使用一个经过配置的文件’ethers’来保护网内计算机以抵御arp欺骗、攻击。
安装后的输出内容:
===> INSTALL NOTES:
Now create /etc/ethers file (see ethers(5)) and then start ipguard:
(cd /usr/local/etc/rc.d mv ipguard.sh.sample ipguard.sh
/usr/local/etc/rc.d/ipguard.sh start)
安装后未执行make clean命令时:
cat /usr/ports/security/ipguard/work/ipguard-0.04/doc/ethers.sample
文件实例,参考。
补充:
ipguard.sh启动脚本里默认有iface=fxp0,这里应该替换为你做NAT的内网网卡名称。
软件的名称是ipguard,位置在/usr/ports/security/ipguard。
简短描述是:
“Tool designed to protect LAN IP adress space by ARP spoofing”,
详细描述是:
“ipguard listens network for ARP packets. All permitted MAC/IP pairs
listed in ‘ethers’ file. If it recieves one with MAC/IP pair, which is
not listed in ‘ethers’ file, it will send ARP reply with configured
fake address. This will prevent not permitted host to work properly
in this ethernet segment. Especially Windows(TM) hosts.”
功能就是使用一个经过配置的文件’ethers’来保护网内计算机以抵御arp欺骗、攻击。
安装后的输出内容:
===> INSTALL NOTES:
Now create /etc/ethers file (see ethers(5)) and then start ipguard:
(cd /usr/local/etc/rc.d mv ipguard.sh.sample ipguard.sh
/usr/local/etc/rc.d/ipguard.sh start)
安装后未执行make clean命令时:
cat /usr/ports/security/ipguard/work/ipguard-0.04/doc/ethers.sample
文件实例,参考。
补充:
ipguard.sh启动脚本里默认有iface=fxp0,这里应该替换为你做NAT的内网网卡名称。
扫一扫
1
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
