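After the phone connects (the ARP attack source is the router), the phone's MAC address is still in the ARP table after the phone disconnects!!! How do I solve this? Experts, please help!!!!!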

Overview/MAC address
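MAC address (MAC Address): the MAC (Medium/Media Access Control) address is the identifier of each station on the Internet. It is written in hexadecimal and is six bytes (48 bits) long. The first three bytes (the high-order 24 bits) are a code assigned to each manufacturer by the IEEE Registration Authority (RA), also called the "Organizationally Unique Identifier". The last three bytes (the low-order 24 bits) are assigned by each manufacturer to the adapter interfaces it produces and are called the extension identifier (unique). One address block can generate 2 different addresses. A MAC address is in fact the adapter address or adapter identifier, EUI-48.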
Explanation/MAC address
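The MAC (Media Access Control) address, also called the hardware address, is 48 bits (6 bytes) long and is written in hexadecimal digits. It is split into a leading 24 bits and a trailing 24 bits. The leading 24 bits are the Organizationally Unique Identifier (OUI), a code assigned to each manufacturer by the IEEE Registration Authority, which distinguishes one manufacturer from another. The trailing 24 bits are assigned by the manufacturer itself and are called the extension identifier. Network cards produced by the same manufacturer differ in the trailing 24 bits of their MAC addresses.

The MAC address corresponds to layer 2, the data link layer, of the OSI reference model. A switch working at the data link layer maintains a database of computers' MAC addresses and its own ports, and forwards each data frame according to the "destination MAC address" field of the received frame.

The 8th bit of the first byte of a MAC address (as in the figure, 00-50-BA-... corresponding to 10-..., the bit in bold) indicates whether the address is a multicast address or a unicast address. This follows from the Ethernet transmission rule that the high-order byte is sent first but, within each byte, the low-order bit is sent first; see IEEE 802.3 3.2.3 Address fields: "The first bit (LSB) shall be used in the Destination Address field as an address type designation bit to identify the Destination Address either as an individual or as a group address. If this bit is 0, it shall indicate that the address field contains an individual address. If this bit is 1, it shall indicate that the address field contains a group address that identifies none, one or more, or all of the stations connected to the LAN. In the Source Address field, the first bit is reserved and set to 0." In fact the transmission order is ...; "The first bit (LSB)" is the 8th bit mentioned above.

The physical address of a network card is usually burned by the manufacturer into the card's EPROM (a kind of flash chip that can usually be erased and rewritten by a program). It stores the address that actually identifies the computer sending data and the host receiving data during transmission. In other words, in the physical transmission at the bottom of the network, hosts are identified by their physical addresses, which must be globally unique. For example, the well-known Ethernet card has a physical address that is a 48-bit integer, such as 44-45-53-54-00-00, stored in the host interface in machine-readable form. The Ethernet address authority, the IEEE (Institute of Electrical and Electronics Engineers, which manages other things besides this), divides Ethernet addresses, that is, the different combinations of 48 bits, into a number of independent contiguous address groups. A manufacturer of Ethernet cards purchases one of these groups and, during production, assigns a unique address to each card one by one. Figuratively, a MAC address is like the ID number on our identity card: it is globally unique.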
Address usage/MAC address
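MAC address binding uses the security control list of a layer-3 switch to tie a port on the switch to its corresponding MAC address.

Basic meaning
Because every network adapter has a unique MAC address, MAC address binding can effectively prevent unauthorized users from connecting and misappropriating network resources, providing security protection at the physical level of the network.

Basic use
Because of the security that MAC address binding provides, it is used by most end users to keep unauthorized users from entering the network through illegitimate paths and misappropriating network resources. The technique is widely used in telecoms and in some OA (office automation) network systems.

Changing the MAC address
The MAC address is normally fixed in the network card, although skilled network users do find ways to change their own MAC address. There are two ways to change it: hardware modification and software modification.

Hardware modification
The hardware method operates directly on the network card and changes the MAC address stored in the card's EPROM; the address in the memory can be changed with the modification program supplied by the card's manufacturer. What is an EPROM? EPROM is an electronics term for a kind of memory that is erasable and rewritable. Put another way: a sheet of white paper written on with a fountain pen cannot be rubbed clean with an eraser, whereas the EPROM sheet is written on in pencil and can be erased again. It is memory whose stored data can be changed repeatedly.

Software modification
The software method is comparatively much simpler. In Windows, the network card's MAC is stored in the registry and is read from the registry in actual use, so changing the registry changes the MAC. On Windows 9x: open the Registry Editor, under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service\Class\Net\ , 0002. On Windows 2000/XP: likewise open the Registry Editor, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\4D36E970-E325-11CE-BFC1-0 , the DriverDesc in 0002; if it is found in 0000, add a string value under 0000 named "NetworkAddress" whose value is the MAC address to set, for example: After completing the steps above, reboot. The source MAC address of the packets a network card sends is generally not written by the card itself but supplied by the application; in the usual implementation the application first obtains the MAC address from the card and then uses that MAC as the source MAC on every send. The MAC address in the registry is read from the network card when Windows is installed, so as long as the operating system is not reinstalled there should be no great problem.

Security issues
From the description above it can be seen that this form of identification is based only on the MAC address. If someone can change their MAC address, they can misappropriate an IP and get online for free; the MAC address theft currently seen on residential-community broadband networks is based on this idea. To misappropriate someone else's IP address, one needs to know the corresponding MAC address as well as the IP address. For example, to obtain the MAC address of a host on the LAN, say a host named TARGET, first use the PING command: PING TARGET. This leaves a record of the target address and its MAC mapping in the ARP cache of our host. Then query the ARP table with the ARP -a command to get the MAC address of that host. Finally, use the command ARP -s IP MAC-address-of-the-network-card to map the gateway's IP address to its MAC address. To obtain MAC addresses in other network segments, tool software can be used. I think the tool bundled with Windows优化大师 (Windows Optimization Master) is good: click "System Performance Optimization" → "System Security Optimization" → "Additional Tools" → "Cluster Ping" to scan out MAC addresses in batches and save them to a file.

Related knowledge: ARP (Address Resolution Protocol) is a protocol that converts an IP address into a physical address. There are two ways of mapping an IP address to a physical address: table-based and non-table-based. Specifically, ARP resolves a network-layer address (the IP layer, equivalent to OSI layer 3) into a data-link-layer (MAC layer, equivalent to OSI layer 2) MAC address. The ARP protocol obtains a MAC address from an IP address.

How ARP works: when machine A wants to send a message to host B, it looks in its local ARP cache table; once it finds the MAC address that corresponds to B's IP address, it transmits the data. If no entry is found, A broadcasts an ARP request message (carrying host A's IP address Ia and physical address Pa) asking host B, whose IP address is Ib, to reply with its physical address Pb. Every host on the network, including B, receives the ARP request, but only host B recognizes its own IP address, so it sends an ARP reply message back to host A. The reply contains B's MAC address; when A receives B's reply it updates its local ARP cache and then uses this MAC address to send data (the network card attaches the MAC address). The locally cached ARP table is therefore the basis of traffic on the local network, and the cache is dynamic.

ARP table: to speed up communication, the translation between recently used MAC addresses and IPs does not rely on the switch; instead, a table recording the IP-MAC mappings of frequently used hosts is built on the local machine. This is the ARP table.

Solution
We can bind the IP address and the MAC address together to solve this problem. Enter "MS-DOS mode" or the "Command Prompt" and type the command ARP -s 10.88.56.72 00-10-5C-AD-72-E3 at the prompt to bind the MAC address and the IP address together. This prevents the situation in which the IP address is misappropriated and the network cannot be used normally, and it effectively protects the security of the residential network and the users' applications. Note: the ARP command is useful only for a LAN's Internet proxy server, and only for static IP addresses; it has no effect with modem dial-up access or dynamic IP addresses.

However, simply binding the IP and MAC address cannot completely solve the problem of IP theft. Network providers have a responsibility to solve these problems for users before handing the service over to them, rather than leaving the security problem for users to solve. Users should not have to bear unnecessary losses from theft. For a network provider, the most common and most effective solution is to add the port to the IP and MAC binding, that is, to bind IP-MAC-PORT together, where the port (PORT) is the switch port. This requires good port management when the cabling is done. During cabling, each wall socket on the user's premises should be matched one-to-one with a switch port and recorded; the MAC address submitted by the user is then entered against the corresponding switch port and bound together with the IP, which gives the three-way IP-MAC-PORT binding. In this way, even if a thief has the MAC address that corresponds to this IP, they cannot also have the port on the wall, so the thief is isolated at the level of the physical channel.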
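An added example, not part of the original article: one way to check a host's ARP cache against the IP-MAC binding register described above. The `arp -a` sample is constructed, and the register, the gateway address and the finding names are assumptions; only 10.88.56.72 and 00-10-5C-AD-72-E3 come from the text.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output; only 10.88.56.72 and
# 00-10-5c-ad-72-e3 (in BINDINGS) come from the page, the rest is made up.
SAMPLE = """
Interface: 10.88.56.10 --- 0xb
  Internet Address      Physical Address      Type
  10.88.56.1            00-08-74-4c-7f-1d     dynamic
  10.88.56.72           00-23-5a-15-99-42     dynamic
  10.88.56.80           00-23-5a-15-99-42     dynamic
  10.88.56.255          ff-ff-ff-ff-ff-ff     static
"""

# Hypothetical register of IP -> MAC bindings kept by the administrator.
BINDINGS = {
    "10.88.56.1": "00-08-74-4c-7f-1d",    # assumed gateway
    "10.88.56.72": "00-10-5c-ad-72-e3",   # the pair bound with ARP -s in the text
}

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE,
)

def parse_arp_table(text):
    """Return (ip, mac, entry_type) tuples for every table row in `arp -a` output."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            ip, mac, kind = match.groups()
            rows.append((ip, mac.lower(), kind.lower()))
    return rows

def audit(rows, bindings):
    """Compare the ARP cache with the binding register and return findings."""
    findings, ips_by_mac = [], defaultdict(list)
    for ip, mac, kind in rows:
        if int(mac[:2], 16) & 1:          # group bit set: broadcast or multicast entry
            continue
        ips_by_mac[mac].append(ip)
        expected = bindings.get(ip)
        if expected and expected != mac:
            findings.append(("binding-mismatch", ip, mac))
        elif expected and kind != "static":
            findings.append(("bound-but-dynamic", ip, mac))
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:                  # one adapter answering for several IPs
            findings.append(("mac-claims-multiple-ips", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    print(audit(parse_arp_table(SAMPLE), BINDINGS))
```

A "bound-but-dynamic" finding means the register has an entry for the IP but the host never pinned it with ARP -s, so the cache entry can still be overwritten by a later ARP reply.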
How to obtain/MAC address
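Click Start, click Run, type cmd, and then enter ipconfig /all (or ipconfig -all), as shown in Figure 1:
Physical Address. . . . . . . . . : 00-23-5A-15-99-42
Alternatively, click Start, click Run, type cmd, and then enter getmac.
The MAC address can also be found by viewing the local connection: click "Local Area Connection" → "Status" → "General" → "Details" in turn to see the MAC address (physical address), as shown in Figure 2.
On Linux/Unix, enter ifconfig on the command line to see the MAC address, as shown in Figure 3: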
Attack methods/MAC address
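ARP spoofing is already a mature technique and is not described again here. The focus this time is the technical principle of sniffing and session hijacking without ARP spoofing; the actual attack method rests on the principle of MAC spoofing, that is, shared resources nearby and bundled resources carry BK, through which some customer data is obtained, which counts as commercial espionage, only more covert and with very high security. Ordinary IDs and addresses may all be left unencrypted.

Principle: before starting, let us briefly look at how a switch forwards frames. When a port of the switch receives a data frame, the switch first looks up, in the MAC address table (CAM), the port that corresponds to the frame's destination MAC address. If the destination port and the source port are not the same port, it forwards the frame out of the destination port and at the same time updates the mapping between source port and source MAC in the MAC address table; if the destination port is the same as the source port, it discards the frame.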
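An added example, not part of the original article: a small model of the forwarding steps just described, extended so that the switch records an alert when a source MAC appears on a new port and, optionally, enforces a MAC-to-port register. The class, the register, the alert names and the frames are assumptions made for illustration.

```python
class LearningSwitch:
    """Model of the forwarding steps above, with MAC-move and binding alerts."""

    def __init__(self, port_bindings=None):
        self.cam = {}                              # source MAC -> port it was last seen on
        self.port_bindings = port_bindings or {}   # hypothetical register: MAC -> wall port
        self.alerts = []

    def receive(self, in_port, src, dst):
        """Handle one frame; return the output port, "flood" or "drop"."""
        src, dst = src.lower(), dst.lower()
        bound = self.port_bindings.get(src)
        if bound is not None and bound != in_port:
            # MAC-PORT binding: the frame is refused and the table is untouched.
            self.alerts.append(("binding-violation", src, bound, in_port))
            return "drop"
        seen = self.cam.get(src)
        if seen is not None and seen != in_port:
            # The table trusts the most recent source port, so log every move.
            self.alerts.append(("mac-moved", src, seen, in_port))
        self.cam[src] = in_port
        out = self.cam.get(dst)
        if out is None:
            return "flood"   # unknown destination (standard behaviour, not stated in the text)
        return "drop" if out == in_port else out

# Constructed frames: (ingress port, source MAC, destination MAC).
HOST_A, HOST_B = "00-23-5a-15-99-42", "00-08-74-4c-7f-1d"
FRAMES = [
    (1, HOST_A, HOST_B),   # A is learned on port 1, B is still unknown
    (2, HOST_B, HOST_A),   # B is learned on port 2, frame goes to port 1
    (3, HOST_A, HOST_B),   # A's address shows up on port 3
    (2, HOST_B, HOST_A),   # where does traffic for A go now?
]

def replay(switch, frames=FRAMES):
    """Feed the frames to a switch and return the action taken for each."""
    return [switch.receive(*frame) for frame in frames]

if __name__ == "__main__":
    plain, bound = LearningSwitch(), LearningSwitch({HOST_A: 1, HOST_B: 2})
    print(replay(plain), plain.alerts)
    print(replay(bound), bound.alerts)
```

Without the register the last frame follows the rewritten table entry to port 3; with it, the third frame is dropped and traffic for A keeps going to port 1.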
English-language material/MAC address
In computer networking a Media Access Control address (MAC address) or Ethernet Hardware Address (EHA) or hardware address or adapter address is a quasi-unique identifier attached to most network adapters (NIC or Network Interface Card). It is a number that serves as an identifier for a particular network adapter. Thus network cards (or built-in network adapters) in two different computers will have different MAC addresses, as would an Ethernet adapter and a wireless adapter in the same computer, and as would multiple network cards in a router. However, it is possible to change the MAC address on most of today's hardware, often referred to as MAC spoofing.

Most layer 2 network protocols use one of three numbering spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): MAC-48, EUI-48, and EUI-64, which are designed to be globally unique. Not all communications protocols use MAC addresses, and not all protocols require globally unique identifiers. The IEEE claims trademarks on the names "EUI-48" and "EUI-64" ("EUI" stands for Extended Unique Identifier).

MAC addresses, unlike IP addresses and IPX addresses, are not divided into "host" and "network" portions. Therefore, a host cannot determine from the MAC address of another host whether that host is on the same layer 2 network segment as the sending host or a network segment bridged to that network segment.

ARP is commonly used to convert from addresses in a layer 3 protocol such as Internet Protocol (IP) to the layer 2 MAC address. On broadcast networks, such as Ethernet, the MAC address allows each host to be uniquely identified and allows frames to be marked for specific hosts. It thus forms the basis of most of the layer 2 networking upon which higher OSI Layer protocols are built to produce complex, functioning networks.

Notational conventions
The standard (IEEE 802) format for printing MAC-48 addresses in human-readable media is six groups of two hexadecimal digits, separated by hyphens (-) in transmission order, e.g. 01-23-45-67-89-ab. This form is also commonly used for EUI-64. Other conventions include six groups of two separated by colons (:), e.g. 01:23:45:67:89: or three groups of four hexadecimal digits separated by dots (.), e.g. again in transmission order.

Address details
The original IEEE 802 MAC address comes from the original Xerox Ethernet addressing scheme. This 48-bit address space contains potentially 2^48 or 281,474,976,710,656 possible MAC addresses.

All three numbering systems use the same format and differ only in the length of the identifier. Addresses can either be "universally administered addresses" or "locally administered addresses."

A universally administered address is uniquely assigned to a device; these are sometimes called "burned-in addresses" (BIA). The first three octets (in transmission order) identify the organization that issued the identifier and are known as the Organizationally Unique Identifier (OUI). The following three (MAC-48 and EUI-48) or five (EUI-64) octets are assigned by that organization in nearly any manner they please, subject to the constraint of uniqueness. The IEEE expects the MAC-48 space to be exhausted no sooner than the year 2100; EUI-64s are not expected to run out in the foreseeable future.

A locally administered address is assigned to a device by a network administrator, overriding the burned-in address. Locally administered addresses do not contain OUIs.

Universally administered and locally administered addresses are distinguished by setting the second least significant bit of the most significant byte of the address. If the bit is 0, the address is universally administered. If it is 1, the address is locally administered. The bit is 0 in all OUIs. For example, The most significant byte is 02h. The binary is and the second least significant bit is 1. Therefore, it is a locally administered address.

If the least significant bit of the most significant byte is set to a 0, the packet is meant to reach only one receiving NIC. This is called unicast. If the least significant bit of the most significant byte is set to a 1, the packet is meant to be sent only once but still reach several NICs. This is called multicast.

MAC-48 and EUI-48 addresses are usually shown in hexadecimal format, with each octet separated by a dash or colon. An example of a MAC-48 address would be "00-08-74-4C-7F-1D". If you cross-reference the first three octets with IEEE's OUI assignments, you can see that this MAC address came from Dell Computer Corp. The last three octets represent the serial number assigned to the adapter by the manufacturer.

The following technologies use the MAC-48 identifier format:
- Ethernet
- 802.11 wireless networks
- Bluetooth
- IEEE 802.5 token ring
- most other IEEE 802 networks
- FDDI
- ATM (switched virtual connections only, as part of an NSAP address)
- Fibre Channel and Serial Attached SCSI (as part of a World Wide Name)

The distinction between EUI-48 and MAC-48 identifiers is purely semantic: MAC-48 is used EUI-48 is used to identify other devices and software. (Thus, by definition, an EUI-48 is not in fact a "MAC address", although it is syntactically indistinguishable from one and assigned from the same numbering space.)

The IEEE now considers the label MAC-48 to be an obsolete term which was previously used to refer to a specific type of EUI-48 identifier used to address hardware interfaces within existing 802-based networking applications and should not be used in the future. Instead, the term EUI-48 should be used for this purpose.

EUI-64 identifiers are used in:
- FireWire
- IPv6 (as the low-order 64 bits of a unicast network address when temporary addresses are not being used)
- ZigBee / 802.15.4 wireless personal-area networks

The IEEE has built in several special address types to allow more than one Network Interface Card to be addressed at one time:
- Packets sent to the broadcast address, all one bits, are received by all stations on a local area network. In hexadecimal the broadcast address would be "FF:FF:FF:FF:FF:FF".
- Packets sent to a multicast address are received by all stations on a LAN that have been configured to receive packets sent to that address.
- Functional addresses identify one or more Token Ring NICs that provide a particular service, defined in IEEE 802.5.

These are "group addresses", as opposed to "individual addresses"; the least significant bit of the first octet of a MAC address distinguishes individual addresses from group addresses. That bit is set to 0 in individual addresses and 1 in group addresses. Group addresses, like individual addresses, can be universally administered or locally administered.

In addition, the EUI-64 numbering system encompasses both MAC-48 and EUI-48 identifiers by a simple translation mechanism. To convert a MAC-48 into an EUI-64, copy the OUI, append the two octets "FF-FF", and then copy the organization-specified part. To convert an EUI-48 into an EUI-64, the same process is used, but the sequence inserted is "FF-FE". In both cases, the process can be trivially reversed when necessary. Organizations issuing EUI-64s are cautioned against issuing identifiers that could be confused with these forms. The IEEE policy is to discourage new uses of 48-bit identifiers in favor of the EUI-64 system.

IPv6, one of the most prominent standards that uses EUI-64, applies these rules inconsistently. Due to an error in the appendix to the specification of IPv6 addressing, it is standard practice to extend MAC-48 addresses (such as IEEE 802 MAC address) to EUI-64 using "FF-FE" rather than "FF-FF."

Individual address block
An Individual Address Block comprises a 24-bit OUI managed by the IEEE Registration Authority, followed by 12 IEEE-provided bits (identifying the organization), and 12 bits for the owner to assign to individual devices. An IAB is ideal for organizations requiring fewer than 4097 unique 48-bit numbers (EUI-48).

Bit-reversed notation
The standard transmission order notation for MAC addresses, as seen in the output of the ifconfig command for example, is also called canonical format.

However, since IEEE 802.3 (Ethernet) and IEEE 802.4 (Token Bus) send the bits over the wire with least significant bit first, while IEEE 802.5 (Token Ring) and IEEE 802.6 send the bits over the wire with most significant bit first, confusion may arise where an address in the latter scenario is represented with bits reversed from the canonical representation. So for instance, an address whose canonical form is 12-34-56-78-9A-BC would be transmitted over the wire as bits 10 01 in the standard transmission order (least significant bit first). But for Token Ring networks, it would be transmitted as bits 10 00 in most significant bit first order. If care is not taken to translate correctly and consistently to the canonical representation, the latter might be displayed as 482C6A1E593D, which could cause confusion. This would be referred to as "Bit-reversed order", "Non-canonical form", "MSB format", "IBM format", or "Token Ring format" as explained by RFC 2469. Canonical form is preferred.

See also
- NSAP address, another endpoint addressing scheme.
- Cisco Hot Standby Router Protocol or standard alternative VRRP Virtual router redundancy protocol, which allows multiple routers to share one IP address and MAC address to provide router redundancy. The OpenBSD project has an open source alternative, the Common Address Redundancy Protocol (CARP).
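An added example, not part of the original article: the flag bits, the EUI-64 extension and the bit-reversed notation described above, applied to addresses the text quotes. The function names are assumptions, and 02:00:00:00:00:01 is a constructed address standing in for the "02h" case.

```python
def parse_mac(text):
    """Parse 'xx-xx-..', 'xx:xx:..' or 'xxxx.xxxx.xxxx' notation into 6 bytes."""
    digits = text.replace("-", "").replace(":", "").replace(".", "")
    raw = bytes.fromhex(digits)            # raises ValueError on non-hex input
    if len(raw) != 6:
        raise ValueError("expected a 48-bit address: %r" % text)
    return raw

def fmt(raw):
    """Print octets in the standard hyphen-separated form."""
    return "-".join("%02X" % octet for octet in raw)

def describe(text):
    """Decode the two flag bits in the first octet and split off the OUI."""
    raw = parse_mac(text)
    return {
        "oui": fmt(raw[:3]),
        "group": bool(raw[0] & 0x01),      # least significant bit: 1 = group address
        "local": bool(raw[0] & 0x02),      # second bit: 1 = locally administered
        "broadcast": raw == b"\xff" * 6,
    }

def to_eui64(text, kind="EUI-48"):
    """Insert FF-FE (EUI-48) or FF-FF (MAC-48) between the OUI and the rest."""
    raw = parse_mac(text)
    filler = b"\xff\xfe" if kind == "EUI-48" else b"\xff\xff"
    return fmt(raw[:3] + filler + raw[3:])

def bit_reversed(text):
    """Reverse the bit order inside every octet (non-canonical / Token Ring form)."""
    return "".join("%02X" % int("{:08b}".format(octet)[::-1], 2)
                   for octet in parse_mac(text))

if __name__ == "__main__":
    for address in ("00-08-74-4C-7F-1D", "02:00:00:00:00:01", "FF:FF:FF:FF:FF:FF"):
        print(address, describe(address))
    print(to_eui64("00-08-74-4C-7F-1D"))
    print(bit_reversed("12-34-56-78-9A-BC"))
```

When the "local" flag is set, the first three octets are not an IEEE-assigned OUI, so a vendor lookup on such an address in a log tells you nothing about the hardware.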
FAQ/MAC address
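Introduction: this example uses IP over Ethernet to explain the relationship between IP multicast and Ethernet multicast, and the detailed process of Ethernet multicast.

What is IP multicast?
Protocol layers often need to deal with groups in order to carry out discovery, notification, queries and similar work. IP multicasts at layer 3 using multicast IP addresses. One multicast IP address can have many members; a multicast packet is forwarded by IP-layer routers to the routers where the group members are located, and the multicast function of Ethernet is then used to deliver the packet to the network interfaces of the group members. For example, OSPF uses Hello to discover OSPF neighbours on the LAN, and HSRP sends Hello multicast packets to notify other HSRP routers of its own state. A multicast router can send from one technical terminal to any connection point, which becomes a shared resource; some of the masked information parameters may then go unencrypted and be shared by later connection points, and there are collection and copyright aspects, because computers do not record the data transfers and browsing traces of this circulating data. As the saying goes, every advantage has its disadvantage.

How does Ethernet multicast?
Ethernet has a broadcast nature: a packet sent by one node is flooded by the Ethernet, so every Ethernet network interface receives it. Sometimes this causes a flood of data and the sharing of junk resources, which makes carrying large amounts of BK more convenient and covert. My suggestion is to give your own IP a blocking function or set certain access permissions, and to install a firewall-like POB, so that there is a filtering function even for resource software that can be shared with the outside. (Some people may find this troublesome; it is just a friendly suggestion.) After an interface receives a packet, it does not hand it to the node's CPU immediately but first compares MAC addresses: only if the packet's destination MAC address is the same as the interface's MAC address does it accept the packet and hand it to the computer; otherwise it discards the packet. Besides its hardware MAC address (unicast MAC), the network interface of a group member also has a multicast MAC address (multicast MAC). When the interface receives a multicast packet, it compares the packet's destination MAC address (a multicast MAC) with its own MAC addresses, and accepts the packet if the multicast address matches. In this way every member of the group on the LAN receives the multicast packets sent to that group. But how is an IP multicast address related to the multicast MAC address of an Ethernet interface?

How are IP and Ethernet multicast addresses related?
Many MAC multicast addresses are converted from IP multicast addresses; this is the so-called resource sharing, so choose with care. For example, the OSPF IP multicast address is 224.0.0.5, which is converted into the corresponding MAC multicast address as follows:
- Write the IP address (32 bits) in binary: 000101
- Take the rightmost 23 bits and call them A: 000101
- Take the IEEE-defined multicast prefix 01:00:5e as B. B has 24 bits (in binary, 10).
- Compose the corresponding MAC multicast address by concatenating B, 0, A: B has 24 bits and is on the left; 0 is one bit, in the middle; A has 23 bits and is on the right. 48 bits in total.
- In binary this is 10:000101; in hexadecimal it is 01:00:5e:00:00:05.

How many IP multicast addresses are there?
Answer: the IP protocol uses all IP addresses between 224.0.0.0 and 239.255.255.255 as IP multicast addresses. The first few multicast addresses are listed below.
- 224.0.0.0 Base address (reserved)
- 224.0.0.1 The All Hosts multicast group that contains all systems on the same network segment
- 224.0.0.2 The All Routers multicast group that contains all routers on the same network segment
- 224.0.0.5 The Open Shortest Path First (OSPF) AllSPFRouters address. Used to send Hello packets to all OSPF routers on a network segment
- 224.0.0.6 The OSPF AllDRouters address. Used to send OSPF routing information to OSPF designated routers on a network segment
- 224.0.0.9 The RIP version 2 group address. Used to send routing information using the RIP protocol to all RIP v2-aware routers on a network segment
- 224.0.0.10 EIGRP group address. Used to send EIGRP routing information to all EIGRP routers

Are there MAC multicast addresses specific to Ethernet?
Some Ethernet-specific multicast addresses are listed below.

Ethernet multicast address   Type Field   Usage
01-00-0C-CC-CC-CC            0x0802       CDP (Cisco Discovery Protocol), VTP (VLAN Trunking )
01-00-0C-CC-CC-CD            0x0802       Cisco Shared Spanning Tree Protocol Address
01-80-C2-00-00-00            0x0802       Spanning Tree Protocol (for bridges) IEEE 802.1D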
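An added example, not part of the original article: the B, 0, A construction carried through in code, together with the interface receive filter described earlier in this section. It goes beyond the single 224.0.0.5 case by listing every group that shares one MAC; the function names and the host MAC used in the demo are assumptions.

```python
import ipaddress

PREFIX = 0x01005E   # B: the 24-bit prefix 01:00:5e from the text

def multicast_mac(group):
    """Map an IPv4 multicast group to its Ethernet multicast MAC (B, 0, A)."""
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        raise ValueError("%s is not in 224.0.0.0 ~ 239.255.255.255" % group)
    low23 = int(ip) & 0x7FFFFF               # A: rightmost 23 bits of the IP address
    value = (PREFIX << 24) | low23           # bit 23, between B and A, stays 0
    return ":".join("%02x" % octet for octet in value.to_bytes(6, "big"))

def groups_sharing_mac(group):
    """All 32 IPv4 groups that map to the same MAC (5 address bits are discarded)."""
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address((0xE << 28) | (high5 << 23) | low23))
            for high5 in range(32)]

def nic_accepts(dst_mac, own_mac, joined_groups):
    """Layer-2 receive filter: own unicast MAC, broadcast, or a joined group's MAC."""
    dst = dst_mac.lower().replace("-", ":")
    if dst in (own_mac.lower().replace("-", ":"), "ff:ff:ff:ff:ff:ff"):
        return True
    return dst in {multicast_mac(group) for group in joined_groups}

def host_accepts_group(dst_ip, dst_mac, own_mac, joined_groups):
    """For multicast datagrams the IP layer must re-check the group address."""
    return nic_accepts(dst_mac, own_mac, joined_groups) and dst_ip in joined_groups

if __name__ == "__main__":
    own = "00-23-5A-15-99-42"                # constructed host MAC for the demo
    print(multicast_mac("224.0.0.5"))
    print(groups_sharing_mac("224.0.0.5")[:3], "...")
    frame_mac = multicast_mac("239.128.0.5")
    print(nic_accepts(frame_mac, own, ["224.0.0.5"]),
          host_accepts_group("239.128.0.5", frame_mac, own, ["224.0.0.5"]))
```

Because 32 groups collapse onto one MAC, an interface joined to 224.0.0.5 also passes frames for groups it never joined up to the IP layer, which is why the last check compares the destination IP as well.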
Delivery/MAC address
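[Note] To keep the focus, this article discusses only IP over Ethernet.

How do IP and Ethernet cooperate to deliver a packet?
IP's task is to forward the packet sent by the source computer through routers to the last-hop router; Ethernet then delivers the packet from that router to the destination computer. This is done using the packet's headers:
- The destination IP address in the IP header is set to the destination computer's IP address. Routers look this address up in the routing table and forward the packet to the next hop. Hop by hop, the packet is finally forwarded to the router where the destination computer is located.
- The destination MAC address in the Link header is set to the destination computer's MAC address. Ethernet floods the packet to every node in the segment, but only the destination computer accepts it; the other nodes do not.

How does a router forward packets?
Routing protocols compute the delivery path and store it in the router's routing table. When a router receives a packet, it extracts the destination computer's IP address from the header, looks it up in the routing table, finds the interface towards the next hop, and forwards the packet out of that interface so that it reaches the next hop. IP address, router forwarding.

How does Ethernet deliver the packet to the destination computer?
Computers on an Ethernet connect to it through network cards. One network card can have several interfaces. Each network interface is configured with an IP address and a fixed hardware address, also called the unicast MAC address (Unicast MAC). Because Ethernet has a broadcast nature, a packet forwarded out of a router's Ethernet interface is flooded to all interfaces on the Ethernet. When a network interface receives a packet, it compares the packet's destination MAC address with its own unicast MAC address; if they are the same it accepts the packet, otherwise it discards it. In this way only the receiving party's interface accepts the packet, and the other interfaces discard it.

How are the packet headers set up?
Before sending information, a computer must first encapsulate the headers, combining headers and data into a packet; sending is done in units of packets.
- The data (payload) is the information the computer wants to deliver.
- The header contains the control information needed by network devices and protocols, corresponding to the layers of the OSI model. Common headers are link, IP, transport and so on (layers 2, 3 and 4).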