Zte ZXR10 2928E - The Solution to ARP Attack in Campus Network

To Next Page

To Previous Page

Chapter6Maintenance

ofserverandswitcharenotsame.Whentheback-endcongurationofaccountingand

authenticationserverischecked,itisfoundthatthesharedkeycongurationofaccess

layerswitchofB1–B3iswrong,theoriginalkey“amtium”isconguredas“antium”now,

whichcausestheunsuccessfulauthenticationnegotiationoftwodevicesandthatuser

authenticationfailure.

Solution

WhentheengineerofcompanyBchangesthepasswordas“amtium”andhavechecked

fortwodays,thefaultsuchas“authenticationtimeout”doesnotappear.Theproblemis

resolvedcompletely.

6.3.9TheSolutiontoARPAttackinCampusNetwork

FaultPhenomenon

The11accesslayerswitchesZXR102900EofthesameVLANinthestudentdormitory

buildingcannotconnectthenetwork.Itcausesthatfortypercentofusersofthebuilding

cannotaccessthenetwork.

FaultAnalysisandLocation

Checkthenetworkmanagementsystem,ndthattheelevenswitchesaredisconnected

andfailtobepingedthrough.Themaintenancepersonnelarrivesattheweakelectricity

well,accessesoneoftheswitchbyHyperT erminal,theIPaddressis172.168.0.123.

TheCPUutilizationreaches93%~100%.Checkthealarminformationandconguration

information,theabnormalityisnotfound.AccesstheconvergencelayerswitchT40G,

ndthealarmthat“port4receivesmoreARPbroadcastpackets”.Checkthetrafc

informationofthisportbycommand,ndthataboutonehundredthousandbroadcast

packetsareaddedeverytenseconds.

AnalyzetheaccessswitchZXR102900Eofthisportandndthefollowingconditions:

1.Thereisloopontheuserside.

2.Userhosthasthevirusandsendsbroadcastpacketcontinuously.

3.UserhostinstallstheARPattacksoftwareandsendsARPattackpacketcontinuously.

CheckthattheIPaddressoftheZXR102900Econnectedwiththisportoftheconvergence

layerswitchis172.168.0.111.Theuserconnectstheswitchbythenetworkcableanddoes

thepacketsnifngandndthatthehostwiththeMACaddress“00:19:e0:a9:5a:fc”sends

theARPbroadcastpacketcontinuously.Accordingtothelabelofthenetworkcable,nd

thatthehostisfrom2606dormitory.Pulloutthenetworkcableofthehost,theeleven

switchesrecovernormalandCPUutilizationisnomorethan5%.

Solution

1.FiltertheMACaddressofthisPCwithfaultontheaccesslayerswitchandprohibitthe

PCfromaccessingtheinternet,whichpreventsitfrominuencingtheotherusers

6-9

SJ-20120409144109-002|2012-07-02(R1.0)ZTEProprietaryandCondential

Related product manuals