12-laboratoriya ishi arp poisoning tarmoq hujumi tahlili ishdan
Amaliy qism. ARP spoofingdan himoya tizimini yoqish.
Device> enable Device# configure terminal Device(config)# arp anti-spoofing Device(config)# arp anti-spoofing unknown discard Xost xavfsizligini sozlash
Portdagi xost xavfsizligini sozlash portga noma'lum ARP paketlarini tashlashga imkon beradi. Qurilmani noma'lum ARP paketlarini tushirish uchun sozlashda IP portni bog'lashni sozlang. Bu ushbu IP-manzilning ARP paketiga boshqa portlarga faqat ushbu tuzilgan port orqali manevr qilish imkoniyatini beradi. Agar ushbu IP-manzilning ARP to'plami boshqa portga kirsa, u o'chiriladi.
Device> enable Device# configure terminal Device# host bind ip 192.168.5.13 ethernet 1/2 Manba MAC manzilini tekshirishni sozlash.
MAC-manzilning izchilligini tekshirishni sozlash uchun ushbu protsedurani bajarish kerak.
Device> enable Device# configure terminal Device# arp anti-spoofing valid-check Antispofing shlyuzini sozlash.
Shlyuzni soxtalashtirishni sozlash uchun ushbu protsedurani bajarish kerak.
Device> enable Device# configure terminal Device# arp anti-spoofing deny-disguiser Ishonch portini sozlash.
Ishonch portini sozlash uchun ushbu protsedurani bajarish kerak.
Device> enable Device# configure terminal Device# interface fastEthernet (interfeys portining raqamini ko'rsating) Device# arp anti trust Ishonchli port sozlamalarini o'chirish uchun quyidagi buyruqni kiriting:
Device# no arp anti trust Anti-Flood Attackni sozlash.
Toshqinlarga qarshi hujumni tashkil qilish uchun ushbu protsedurani bajarish kerak.
Device> enable Device# configure terminal Device(config)# arp anti-flood Device(config)# arp anti-flood threshold (odatda sekundiga 16 paket) Device(config)# arp anti-flood action deny-arp {deny-all|deny-arp} {deny-all | deny-arp} (Yiqiladigan paketlar turini belgilaydi.deny-all: Xostni manzilning qora ro'yxatiga qo'shadi va barcha packets.deny- arp: Faqat ARP paketlarini tashlaydi)
Device(config)# arp anti-flood recover-time 100 Device(config)# arp anti-flood recover 00:00:00:00:32:33 Device# interface fastEthernet (interfeys portining raqamini ko'rsating) Device(config)# arp anti-flood threshold ARP snooping va Flood Attack hujumini kuzatish.
ARP Snooping va Flood Attack-ni kuzatish uchun quyidagi jadvaldagi buyruqlardan foydalanish mumkin.
Jadval 12.1. ARP Snooping va Flood Attack buyruqlari