摘要
随着各种病毒与木马程序的泛滥,ARe欺骗在以太网校园网中已经成为危害网络正常稳定运行的主要问题。文章在对ARP攻击方式进行深入分析的基础上,阐述了DAI如何预防ARP欺骗的工作原理。以Cisco3750交换机为例设计了基于DAI的防御方案;指出了在配置过程中应注意的事项;分析了目前DAI的局限以及对进一步防御的展望。
With the malicious spread of various viruses and Trojan, ARP attack has become one of the major problems for Ethernet net. Through a detailed analysis of ARP attack modes, this article displays the working principle of DAI( Dynamic ARP Inspection) and then explains how to design the guard plan with the switch Of Cisco 3750 based on DAI. Furthermore, it gives special tips as to the conforming of the plan. Finally, it also illustrates the limitations in the real situation, and looks into the future of the deeper guard.
