我建议你可以优先排查一下与光线直接连接的交换机上的光线模块是不是正常。
> 在 2016年4月21日,14:53,Iridium Yang <[email protected]> 写道: > > 物理线路可以确定没有问题。已经请物业测试了光纤和网线,而且同一问题在多个不同的地方都能复现。 > 如何确定arp攻击呢?arpwatch? > > Wang Shanker <[email protected] > <mailto:[email protected]>>于2016年4月21日周四 下午2:36写道: > 问网关 mac 的 ARP 的包很多,这个现象并不必然说明问题是私设 IP 造成的。 > > 私设 IP,只要这个人私设的 IP 不是网关的 IP,顶多就是冲突掉另一个用户,不会造成大规模的用户故障。 > > 询问网关的 ARP 包多,恰恰说明大面积用户经常出现与网关连通出现故障的问题(正是因为连不上了,所以才去用 ARP > 问)。所以要调查你们的交换机和网关的连通性的问题,先从物理线路查起。 > > 本邮件具有数字签名,敬请核对。 > 王邈 > 清华大学计算机科学与技术系 > 电话:+86 130-5186-7712 > 通信地址:北京市海淀区清华大学紫荆公寓2号楼307A 100084 > > Please verify the digital signature attached with the e-mail. > Miao Wang > Department of Computer Science and Technology, Tsinghua University > Tel.: +86 130-5186-7712 > Add.: Room 307A, No.2 Zijing Building, Tsinghua University, Peking. P.R.C. > 100084 > > >> 在 2016年4月21日,14:30,杨海宇 <[email protected] <mailto:[email protected]>> 写道: >> > >> 在 2016年4月20日星期三 UTC+8下午2:03:55,Justin Wong写道: >>> 话不能这么说,大家都是学生。TUNA 这么多项目,也没赚过一分钱,都是技术兴趣。 >>> >>> >>> >>> >>> 如果真要按报酬来,业界标准¥100-200/hr,可能我们两小时解决了,也就几百块钱。 >>> >>> >>> >>> >>> 跑题了,敢问楼主的问题解决的怎样? >>> >>> >>> >>> >>> >>> -- >>> >>> >>> Justin Wong >>> >>> >>> >>> >>> On Wed, Apr 20, 2016, at 13:34, Xin Yue wrote: >>> >>> >>> >>> >>> 说句良心话,华三都搞不定的问题,巨巨给你解决了,才只是帮助争取一下勤工助学的报酬。。。 >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >>> >>> >>> "Across the Great Wall we can reach every corner in the world" >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> 在 2016年4月20日 下午1:25,Justin Wong <[email protected] <http://bigeagle.me/>>写道: >>> >>> >>> >>> >>> >>> >>> 抓住个滥用ARP的现行 >>> >>> >>> >>> >>> >>> >>> -- >>> >>> >>> Justin Wong >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> On Wed, Apr 20, 2016, at 13:24, Sam Stoelinga wrote: >>> >>> >>> >>> 你可以试试分配IP后,保证IP不会被别人抢了,通过不停的发ARP broadcast。 >>> >>> >>> >>> >>> >>> arping -I enp0s25 -U -b 166.111.144.152 >>> >>> >>> >>> >>> >>> 166.111.144.152 should be IP that the dhcp server gave you. >>> >>> >>> >>> >>> >>> >>> >>> >>> 2016-04-19 16:11 GMT+08:00 Wang Shanker <[email protected] >>> <http://gmail.com/>>: >>> >>> >>> 这么搞也可以防止 arp 攻击。 >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>>> 在 2016年4月19日,16:10,Justin Wong <[email protected] <http://bigeagle.me/>> 写道: >>> >>> >>>> >>> >>> >>>> 打开DHCP snooping可以禁止手动设置IP,ARP攻击怎么防我还真不知道 >>> >>> >>>> >>> >>> >>>> -- >>> >>> >>>> Justin Wong >>> >>> >>>> >>> >>> >>>> On Tue, Apr 19, 2016, at 16:09, 杨海宇 wrote: >>> >>> >>>>> 在 2016年4月19日星期二 UTC+8下午4:03:26,Justin Wong写道: >>> >>> >>>>>> 难道说因为 IP 不够分引起了一些人不爽所以发起 ARP 攻击抢 IP? >>> >>> >>>>>> >>> >>> >>>>>> -- >>> >>> >>>>>> Justin Wong >>> >>> >>>>>> >>> >>> >>>>>> On Tue, Apr 19, 2016, at 16:01, Wang Shanker wrote: >>> >>> >>>>>>> 不会,如果 ip 分光了, dhcp 服务器会拒绝继续分配 ip 地址,不会出现时断时续的问题。 >>> >>> >>>>>>> >>> >>> >>>>>>> 发自我的 iPhone >>> >>> >>>>>>> >>> >>> >>>>>>>> 在 2016年4月19日,15:59,杨海宇 <[email protected] <http://gmail.com/>> 写道: >>> >>> >>>>>>>> >>> >>> >>>>>>>> 有同学觉得是ip地址不够分配了,毕竟我们整个系只有/24一个段。可是如果是ip不够用会是这个现象吗? >>> >>> >>>>>>>> >>> >>> >>>>>>>> >>> >>> >>>>>>>> 在 2016年4月19日星期二 UTC+8下午2:06:19,杨海宇写道: >>> >>> >>>>>>>>> 各位巨巨好, >>> >>> >>>>>>>>> 我是热能系的硕士,潜水N年。现在李兆基大楼网络有很多问题,到网关和同网段ip丢包严重,平均60%。经常性出现ip冲突。因为负责网络的人非常不靠谱,只好找金枪鱼求助,恳请有时间的巨巨来指导一下。 >>> >>> >>>>>>>>> 李兆基大楼现在是机械学院很多系的系馆,包括热能系汽车系训练中心。目前环境是光纤到实验室,实验室自己配置交换机。不同系在不同vlan下面,热能系ip段101.6.62.1/24 >>>>>>>>> <http://101.6.62.1/24>,汽车系166.111.144.1/24 >>>>>>>>> <http://166.111.144.1/24>(不确定)。行政上,网络由华三提供的解决方案,出问题应该由大楼物业负责,然而物业的网管师傅水平很渣,只会检查网线和光纤通不通。华三的人也来过,但没有查出什么问题。现在的问题是到网关和同网段ip丢包严重(mtr结果在后面),热能系、汽车系不同实验室都存在相同的问题,应该能排除自己交换机的问题。不知道如果是可供使用的ip不够,是否会出现这个问题? >>> >>> >>>>>>>>> 实验室老板让我看看怎么搞,我说另请高明吧,我实在也不是谦虚。老板说系里决定了,由你负责解决。我当时并没有念诗,所以只好求助网管会的各位巨巨。需要巨巨们到现场看一下环境,排查一下问题。如果需要的话,我会和老板争取一下报酬,通过勤工助学的方式给巨巨一些补贴。 >>> >>> >>>>>>>>> 如果哪位巨巨有时间有兴趣,请联系我:15210582389,微信:yang_hai_yu,email: >>> >>> >>>>>>>>> [email protected] <http://foxmail.com/> / [email protected] >>>>>>>>> <http://gmail.com/> >>> >>> >>>>>>>>> >>> >>> >>>>>>>>> >>> >>> >>>>>>>>> 一些结果: >>> >>> >>>>>>>> >>> >>> >>>>>>>> -- >>> >>> >>>>>>>> >>> >>> >>>>>>>> --- >>> >>> >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "TUNA 主邮件列表" group. >>> >>> >>>>>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>>>>> an email to [email protected] >>>>>>>> <http://googlegroups.com/>. >>> >>> >>>>>>>> To post to this group, send email to [email protected] >>>>>>>> <http://googlegroups.com/>. >>> >>> >>>>>>>> For more options, visit https://groups.google.com/d/optout >>>>>>>> <https://groups.google.com/d/optout>. >>> >>> >>>>>>> >>> >>> >>>>>>> -- >>> >>> >>>>>>> >>> >>> >>>>>>> --- >>> >>> >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups >>> >>> >>>>>>> "TUNA 主邮件列表" group. >>> >>> >>>>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>>>> an >>> >>> >>>>>>> email to [email protected] <http://googlegroups.com/>. >>> >>> >>>>>>> To post to this group, send email to [email protected] >>>>>>> <http://googlegroups.com/>. >>> >>> >>>>>>> For more options, visit https://groups.google.com/d/optout >>>>>>> <https://groups.google.com/d/optout>. >>> >>> >>>>>>> Email had 1 attachment: >>> >>> >>>>>>> + smime.p7s >>> >>> >>>>>>> 3k (application/pkcs7-signature) >>> >>> >>>>> >>> >>> >>>>> 我明天去检查一下arp。 >>> >>> >>>>> 另外,只打开dhcp snooping可以防止arp攻击吗,可以禁止手动设置ip吗? >>> >>> >>>>> >>> >>> >>>>> -- >>> >>> >>>>> >>> >>> >>>>> --- >>> >>> >>>>> You received this message because you are subscribed to the Google Groups >>> >>> >>>>> "TUNA 主邮件列表" group. >>> >>> >>>>> To unsubscribe from this group and stop receiving emails from it, send an >>> >>> >>>>> email to [email protected] <http://googlegroups.com/>. >>> >>> >>>>> To post to this group, send email to [email protected] >>>>> <http://googlegroups.com/>. >>> >>> >>>>> For more options, visit https://groups.google.com/d/optout >>>>> <https://groups.google.com/d/optout>. >>> >>> >>>> >>> >>> >>>> -- >>> >>> >>>> >>> >>> >>>> --- >>> >>> >>>> You received this message because you are subscribed to the Google Groups >>>> "TUNA 主邮件列表" group. >>> >>> >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to [email protected] <http://googlegroups.com/>. >>> >>> >>>> To post to this group, send email to [email protected] >>>> <http://googlegroups.com/>. >>> >>> >>>> For more options, visit https://groups.google.com/d/optout >>>> <https://groups.google.com/d/optout>. >>> >>> >>> >>> >>> >>> -- >>> >>> >>> >>> >>> >>> --- >>> >>> >>> You received this message because you are subscribed to the Google Groups >>> "TUNA 主邮件列表" group. >>> >>> >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected] <http://googlegroups.com/>. >>> >>> >>> To post to this group, send email to [email protected] >>> <http://googlegroups.com/>. >>> >>> >>> For more options, visit https://groups.google.com/d/optout >>> <https://groups.google.com/d/optout>. >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >>> >>> >>> >>> >>> >>> --- >>> >>> >>> You received this message because you are subscribed to the Google Groups >>> "TUNA 主邮件列表" group. >>> >>> >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected] <http://googlegroups.com/>. >>> >>> >>> To post to this group, send email to [email protected] >>> <http://googlegroups.com/>. >>> >>> >>> For more options, visit https://groups.google.com/d/optout >>> <https://groups.google.com/d/optout>. >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >>> >>> >>> >>> >>> --- >>> >>> >>> You received this message because you are subscribed to the Google Groups >>> "TUNA 主邮件列表" group. >>> >>> >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected] <http://googlegroups.com/>. >>> >>> >>> To post to this group, send email to [email protected] >>> <http://googlegroups.com/>. >>> >>> >>> For more options, visit https://groups.google.com/d/optout >>> <https://groups.google.com/d/optout>. >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >>> >>> >>> >>> >>> --- >>> >>> >>> You received this message because you are subscribed to the Google Groups >>> "TUNA 主邮件列表" group. >>> >>> >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected] <http://googlegroups.com/>. >>> >>> >>> To post to this group, send email to [email protected] >>> <http://googlegroups.com/>. >>> >>> >>> For more options, visit https://groups.google.com/d/optout >>> <https://groups.google.com/d/optout>. >>> >>> >>> >> 确实有非常多到网关的arp请求。而且还看到了duplicate use of xxx. >> >> 我们系自己的学生网管建议过别的学生和老师如果dhcp分不到ip,就自己手动设置一个。。。所以现在肯定有一些人的ip是自己设置的静态ip,不是从dhcp那里拿到的。会不会与问题有关? >> 自己试了一下,给自己设置一个静态ip是可以用的,但是我要求华三的人在所有楼层交换机上打开dhcp >> snooping了(可能并不是华三的人,只是个代理商或者只是给大楼建网络的公司的人)。 >> 上次的问题是有人把路由器接反了,导致很多人分到了192.168.0.1/24 <http://192.168.0.1/24>的私有ip,打开了dhcp >> snooping之后没再出现这种问题。难道是华三的这个功能我理解错了?或者干脆就没有打开? >> 华三某配置指南上有写: >> >>> 为防止非法用户通过配置静态 IP 地址的方式接入网络,在用户所在 VLAN 内启用 ARP Detection >> 功能(本例为缺省 VLAN 1 内),基于 DHCP Snooping 表项对用户进行合法性检查,保证合法用户可以正常转发报文 >> >> dhcp snooping和ARP Detection是什么关系? >> >> PS:话说为什么回复不能加附件了。。。粘贴了一些抓包的结果 >> >> 7451 76.294550000 Giga-Byt_44:29:8f Broadcast ARP 60 >> Who has 101.6.62.1? Tell 101.6.62.195 (duplicate use of 101.6.62.195 >> detected!) >> 7453 76.332446000 Micro-St_b4:a0:85 Broadcast ARP 60 >> Who has 101.6.62.1? Tell 101.6.62.233 >> 7454 76.334221000 SuperMic_6c:a8:1b Broadcast ARP 60 >> Who has 101.6.62.1? Tell 101.6.62.91 >> 7458 76.351186000 Tp-LinkT_e8:79:f4 Broadcast ARP 60 >> Who has 192.168.1.105? Tell 192.168.1.1 (duplicate use of 192.168.1.1 >> detected!) >> 7466 76.377746000 WistronI_b3:79:99 Broadcast ARP 60 >> Who has 101.6.62.1? Tell 101.6.62.176 >> 7475 76.576748000 Dell_ae:c3:97 Broadcast ARP 60 Who has >> 101.6.62.1? Tell 101.6.62.62 >> 7482 76.676673000 HewlettP_5a:54:b7 Broadcast ARP 60 >> Who has 101.6.62.145? Tell 101.6.62.148 >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "TUNA 主邮件列表" group. > >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] >> <mailto:[email protected]>. > >> >> To post to this group, send email to [email protected] >> <mailto:[email protected]>. >> For more options, visit https://groups.google.com/d/optout >> <https://groups.google.com/d/optout>. > > > -- > > --- > You received this message because you are subscribed to a topic in the Google > Groups "TUNA 主邮件列表" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/tuna-general/EDgtI-p6rmQ/unsubscribe > <https://groups.google.com/d/topic/tuna-general/EDgtI-p6rmQ/unsubscribe>. > To unsubscribe from this group and all its topics, send an email to > [email protected] > <mailto:[email protected]>. > To post to this group, send email to [email protected] > <mailto:[email protected]>. > For more options, visit https://groups.google.com/d/optout > <https://groups.google.com/d/optout>. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "TUNA 主邮件列表" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To post to this group, send email to [email protected] > <mailto:[email protected]>. > For more options, visit https://groups.google.com/d/optout > <https://groups.google.com/d/optout>. -- --- You received this message because you are subscribed to the Google Groups "TUNA 主邮件列表" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME cryptographic signature
