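This article covers: 1. using the arp command on Linux and Windows; 2. the format of the /etc/ethers file; 3. a method for preventing IP address theft.
_________________
※※※※※※※※※※※※※※※※※※※※
Walking forward hand in hand
cnhero@163.com
http://www.cn-cio.org

My IP anti-theft experiment

I. On the Linux gateway (GW):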
[root@iwfw root]# arp -a
? (192.168.10.189) at 00:50:04:BE:14:13 [ether] PERM on eth1
? (172.18.88.1) at 00:10:B2:4C:7F:B8 [ether] PERM on eth0
[root@iwfw root]# arp -a > ethers
Next, edit the ethers file so that each line has the format "MAC IP", for example:
00:50:04:BE:14:13 192.168.10.189
[root@iwfw root]# vi ethers
00:50:04:BE:14:13 192.168.10.189
00:00:00:00:00:00 192.168.10.188
00:00:00:00:00:00 192.168.10.187
00:10:B2:4C:7F:B8 172.18.88.1
~
In the file above, I also bound two unused IP addresses to a non-existent MAC address.
Next, load the contents of this file into the ARP cache:
[root@iwfw root]# arp -f ethers
[root@iwfw root]# arp -a
? (192.168.10.187) at 00:00:00:00:00:00 [ether] PERM on eth1
? (192.168.10.188) at 00:00:00:00:00:00 [ether] PERM on eth1
? (192.168.10.189) at 00:50:04:BE:14:13 [ether] PERM on eth1
? (172.18.88.1) at 00:10:B2:4C:7F:B8 [ether] PERM on eth0
[root@iwfw root]#
******************************
II. On Windows XP, open the cmd command prompt:
Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.
###### Ping the gateway to test whether the network is reachable
C:\Documents and Settings\baby>ping 192.168.10.1
Pinging 192.168.10.1 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time<1ms TTL=64
Reply from 192.168.10.1: bytes=32 time<1ms TTL=64
Reply from 192.168.10.1: bytes=32 time<1ms TTL=64
Reply from 192.168.10.1: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.10.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
###### Windows XP also has the arp -a command; use it to query the ARP cache
C:\Documents and Settings\baby>arp -a

Interface: 192.168.10.189 --- 0x10005
  Internet Address      Physical Address      Type
  192.168.10.1          00-e0-4c-e3-81-cd     dynamic

###### View the Windows XP network connection settings; besides the IP address, the MAC address is shown as well
C:\Documents and Settings\baby>ipconfig -all
Windows IP Configuration
        Host Name . . . . . . . . . . . . : jzj-yrdoh2k26vo
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter 本地连接:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)
        Physical Address. . . . . . . . . : 00-50-04-BE-14-13
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.10.189
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
        DNS Servers . . . . . . . . . . . : 211.93.80.129
###### We change the IP address to 192.168.10.188 and ping the gateway to test whether the network is reachable
C:\Documents and Settings\baby>ping 192.168.10.1
Pinging 192.168.10.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 61.243.188.150:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
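###### As you can see, the network is blocked. Now change the address back to the original 192.168.10.189 and test again; the Linux gateway lets the traffic through
C:\Documents and Settings\baby>ping 192.168.10.1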
Pinging 61.243.188.150 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time<1ms TTL=62
Reply from 192.168.10.1: bytes=32 time<1ms TTL=62
Reply from 192.168.10.1: bytes=32 time<1ms TTL=62
Reply from 192.168.10.1: bytes=32 time<1ms TTL=62

Ping statistics for 192.168.10.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
******************************
############# #############
III. Conclusion:
Using an ethers file with the contents
00:50:04:BE:14:13 192.168.10.189
00:00:00:00:00:00 192.168.10.188
and loading it into the cache with the command #arp -f ethers works well to prevent users from changing a workstation's IP settings on their own.
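The hand edit done in vi above can be scripted. The following is an added example, not part of the original post: it converts `arp -a` output into the "MAC IP" format and generalizes the null-MAC trick from two addresses to a range. The function names `arp_to_ethers` and `block_unused` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): build the "MAC IP" ethers file
# from `arp -a` output instead of editing it by hand.

# Constructed sample: the two entries shown in the post plus one incomplete entry.
sample_arp_output() {
    cat <<'EOF'
? (192.168.10.189) at 00:50:04:BE:14:13 [ether] PERM on eth1
? (192.168.10.50) at <incomplete> on eth1
? (172.18.88.1) at 00:10:B2:4C:7F:B8 [ether] PERM on eth0
EOF
}

# arp_to_ethers: read `arp -a` output on stdin, print "MAC IP" per resolved entry.
arp_to_ethers() {
    awk '
    BEGIN { h = "[0-9A-F][0-9A-F]"; pat = "^" h ":" h ":" h ":" h ":" h ":" h "$" }
    {
        ip = $2; gsub(/[()]/, "", ip)      # "(192.168.10.189)" -> "192.168.10.189"
        mac = toupper($4)
        # Skip <incomplete> entries and anything that is not a 6-octet MAC.
        if ($3 == "at" && mac ~ pat) print mac, ip
    }'
}

# block_unused PREFIX FIRST LAST: pass "MAC IP" lines through unchanged, then bind
# every address PREFIX.FIRST .. PREFIX.LAST not already listed to the null MAC.
block_unused() {
    awk -v prefix="$1" -v first="$2" -v last="$3" '
    { seen[$2] = 1; print }
    END {
        for (i = first + 0; i <= last + 0; i++) {
            ip = prefix "." i
            if (!(ip in seen)) print "00:00:00:00:00:00", ip
        }
    }'
}

# On the gateway: arp -a | arp_to_ethers | block_unused ... > ethers; arp -f ethers
sample_arp_output | arp_to_ethers | block_unused 192.168.10 187 188
```

A host that was offline when the ARP cache was read has no entry, so the range passed to `block_unused` should cover only addresses known to be unassigned; otherwise a legitimate workstation gets bound to the null MAC and is cut off.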