你是否能得到楼里的网络拓扑?交换机权限之类? 比如不同楼层是否在一个vlan或者一个交换机下?是否存在一个出现这个问题的最大子树? (说一下电子系网管老师解决全楼ARP故障的方法:用二分切断交换机法确定故障楼层,再继续用二分断网法确定攻击源…… -- Justin Wong On Thu, Apr 21, 2016, at 16:27, Iridium Yang wrote: > 请教如何检查链路问题?我还是觉得链路没有问题,毕竟N个实验室都有相同的问题。。 > 另外我用XArp确实检测到了大量大量的arp攻击 > > Justin Wong <[email protected]>于2016年4月21日周四 下午2:53写道: >> __ >> 王邈说的是对的,应该先查二层连接是否正常,收到大量ARP请求,可能说明楼层一级的接入交换机到网关之间的链路出现问题。 >> >> p.s. 跑个题,尽量不要在邮件底部回复,有些折叠不太智能的客户端要找好久…… >> >> -- >> Justin Wong >> >> >> >> On Thu, Apr 21, 2016, at 14:36, Wang Shanker wrote: >>> 问网关 mac 的 ARP 的包很多,这个现象并不必然说明问题是私设 IP 造成的。 >>> >>> 私设 IP,只要这个人私设的 IP 不是网关的 IP,顶多就是冲突掉另一个用户,不会造成大规模的用户故障。 >>> >>> 询问网关的 ARP 包多,恰恰说明大面积用户经常出现与网关连通出现故障的问题(正是因为连不上了,所以才去用 ARP >>> 问)。所以要调查你们的交换机和网关的连通性的问题,先从物理线路查起。 >>> >>> 本邮件具有数字签名,敬请核对。 >>> 王邈 清华大学计算机科学与技术系 电话:+86 130-5186-7712 通信地址:北京市海淀区清华大学紫荆公寓2号楼307A >>> 100084 >>> >>> Please verify the digital signature attached with the e-mail. Miao >>> Wang Department of Computer Science and Technology, Tsinghua >>> University Tel.: +86 130-5186-7712 Add.: Room 307A, No.2 Zijing >>> Building, Tsinghua University, Peking. P.R.C. 100084 >>> >>>> 在 2016年4月21日,14:30,杨海宇 <[email protected]> 写道: >>>> >>>> 在 2016年4月20日星期三 UTC+8下午2:03:55,Justin Wong写道: >>>>> 话不能这么说,大家都是学生。TUNA 这么多项目,也没赚过一分钱,都是技术兴趣。 >>>>> >>>>> >>>>> >>>>> >>>>> 如果真要按报酬来,业界标准¥100-200/hr,可能我们两小时解决了,也就几百块钱。 >>>>> >>>>> >>>>> >>>>> >>>>> 跑题了,敢问楼主的问题解决的怎样? >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> >>>>> Justin Wong >>>>> >>>>> >>>>> >>>>> >>>>> On Wed, Apr 20, 2016, at 13:34, Xin Yue wrote: >>>>> >>>>> >>>>> >>>>> >>>>> 说句良心话,华三都搞不定的问题,巨巨给你解决了,才只是帮助争取一下勤工助学的报酬。。。 >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> >>>>> "Across the Great Wall we can reach every corner in the world" >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> 在 2016年4月20日 下午1:25,Justin Wong <[email protected]>写道: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> 抓住个滥用ARP的现行 >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> >>>>> Justin Wong >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Wed, Apr 20, 2016, at 13:24, Sam Stoelinga wrote: >>>>> >>>>> >>>>> >>>>> 你可以试试分配IP后,保证IP不会被别人抢了,通过不停的发ARP broadcast。 >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> arping -I enp0s25 -U -b 166.111.144.152 >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> 166.111.144.152 should be IP that the dhcp server gave you. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> 2016-04-19 16:11 GMT+08:00 Wang Shanker <[email protected][1]>: >>>>> >>>>> >>>>> 这么搞也可以防止 arp 攻击。 >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> 在 2016年4月19日,16:10,Justin Wong <[email protected][2]> 写道: >>>>> >>>>> >>>>>> >>>>> >>>>> >>>>>> 打开DHCP snooping可以禁止手动设置IP,ARP攻击怎么防我还真不知道 >>>>> >>>>> >>>>>> >>>>> >>>>> >>>>>> -- >>>>> >>>>> >>>>>> Justin Wong >>>>> >>>>> >>>>>> >>>>> >>>>> >>>>>> On Tue, Apr 19, 2016, at 16:09, 杨海宇 wrote: >>>>> >>>>> >>>>>>> 在 2016年4月19日星期二 UTC+8下午4:03:26,Justin Wong写道: >>>>> >>>>> >>>>>>>> 难道说因为 IP 不够分引起了一些人不爽所以发起 ARP 攻击抢 IP? >>>>> >>>>> >>>>>>>> >>>>> >>>>> >>>>>>>> -- >>>>> >>>>> >>>>>>>> Justin Wong >>>>> >>>>> >>>>>>>> >>>>> >>>>> >>>>>>>> On Tue, Apr 19, 2016, at 16:01, Wang Shanker wrote: >>>>> >>>>> >>>>>>>>> 不会,如果 ip 分光了, dhcp 服务器会拒绝继续分配 ip 地址,不会出现时断时续的问题。 >>>>> >>>>> >>>>>>>>> >>>>> >>>>> >>>>>>>>> 发自我的 iPhone >>>>> >>>>> >>>>>>>>> >>>>> >>>>> >>>>>>>>>> 在 2016年4月19日,15:59,杨海宇 <[email protected][3]> 写道: >>>>> >>>>> >>>>>>>>>> >>>>> >>>>> >>>>>>>>>> 有同学觉得是ip地址不够分配了,毕竟我们整个系只有/24一个段。可是如果是ip不够用会是这个现象吗? >>>>> >>>>> >>>>>>>>>> >>>>> >>>>> >>>>>>>>>> >>>>> >>>>> >>>>>>>>>> 在 2016年4月19日星期二 UTC+8下午2:06:19,杨海宇写道: >>>>> >>>>> >>>>>>>>>>> 各位巨巨好, >>>>> >>>>> >>>>>>>>>>> 我是热能系的硕士,潜水N年。现在李兆基大楼网络有很多问题,到网关和同网段ip丢包严重,平均60%。经常性出现ip冲突。- >>>>>>>>>>> 因为负责网络的人非常不靠谱,只好找金枪鱼求助,恳请有时间的巨巨来指导一下。 >>>>> >>>>> >>>>>>>>>>> 李兆基大楼现在是机械学院很多系的系馆,包括热能系汽车系训练中心。目前环境是光纤到实验室,实验室自己配置交换机。不同系在- >>>>>>>>>>> 不同vlan下面,热能系ip段101.6.62.1/24,汽车系166.111.144.1/24(不确定)。行政上,网- >>>>>>>>>>> 络由华三提供的解决方案,出问题应该由大楼物业负责,然而物业的网管师傅水平很渣,只会检查网线和光纤通不通。华三的人也来过- >>>>>>>>>>> ,但没有查出什么问题。现在的问题是到网关和同网段ip丢包严重(mtr结果在后面),热能系、汽车系不同实验室都存在相同的- >>>>>>>>>>> 问题,应该能排除自己交换机的问题。不知道如果是可供使用的ip不够,是否会出现这个问题? >>>>> >>>>> >>>>>>>>>>> 实验室老板让我看看怎么搞,我说另请高明吧,我实在也不是谦虚。老板说系里决定了,由你负责解决。我当时并没有念诗,所以只好- >>>>>>>>>>> 求助网管会的各位巨巨。需要巨巨们到现场看一下环境,排查一下问题。如果需要的话,我会和老板争取一下报酬,通过勤工助学的方- >>>>>>>>>>> 式给巨巨一些补贴。 >>>>> >>>>> >>>>>>>>>>> 如果哪位巨巨有时间有兴趣,请联系我:15210582389,微信:yang_hai_yu,email: >>>>> >>>>> >>>>>>>>>>> [email protected][4] / [email protected][5] >>>>> >>>>> >>>>>>>>>>> >>>>> >>>>> >>>>>>>>>>> >>>>> >>>>> >>>>>>>>>>> 一些结果: >>>>> >>>>> >>>>>>>>>> >>>>> >>>>> >>>>>>>>>> -- >>>>> >>>>> >>>>>>>>>> >>>>> >>>>> >>>>>>>>>> --- >>>>> >>>>> >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "TUNA 主邮件列表" group. >>>>> >>>>> >>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>> it, send an email to [email protected][6]. >>>>> >>>>> >>>>>>>>>> To post to this group, send email to tuna- >>>>>>>>>> [email protected][7]. >>>>> >>>>> >>>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>>> >>>>>>>>> >>>>> >>>>> >>>>>>>>> -- >>>>> >>>>> >>>>>>>>> >>>>> >>>>> >>>>>>>>> --- >>>>> >>>>> >>>>>>>>> You received this message because you are subscribed to the >>>>>>>>> Google Groups >>>>> >>>>> >>>>>>>>> "TUNA 主邮件列表" group. >>>>> >>>>> >>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>> it, send an >>>>> >>>>> >>>>>>>>> email to [email protected][8]. >>>>> >>>>> >>>>>>>>> To post to this group, send email to tuna- >>>>>>>>> [email protected][9]. >>>>> >>>>> >>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>>> >>>>>>>>> Email had 1 attachment: >>>>> >>>>> >>>>>>>>> + smime.p7s >>>>> >>>>> >>>>>>>>> 3k (application/pkcs7-signature) >>>>> >>>>> >>>>>>> >>>>> >>>>> >>>>>>> 我明天去检查一下arp。 >>>>> >>>>> >>>>>>> 另外,只打开dhcp snooping可以防止arp攻击吗,可以禁止手动设置ip吗? >>>>> >>>>> >>>>>>> >>>>> >>>>> >>>>>>> -- >>>>> >>>>> >>>>>>> >>>>> >>>>> >>>>>>> --- >>>>> >>>>> >>>>>>> You received this message because you are subscribed to the >>>>>>> Google Groups >>>>> >>>>> >>>>>>> "TUNA 主邮件列表" group. >>>>> >>>>> >>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>> it, send an >>>>> >>>>> >>>>>>> email to [email protected][10]. >>>>> >>>>> >>>>>>> To post to this group, send email to tuna- >>>>>>> [email protected][11]. >>>>> >>>>> >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>>> >>>>>> >>>>> >>>>> >>>>>> -- >>>>> >>>>> >>>>>> >>>>> >>>>> >>>>>> --- >>>>> >>>>> >>>>>> You received this message because you are subscribed to the >>>>>> Google Groups "TUNA 主邮件列表" group. >>>>> >>>>> >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected][12]. >>>>> >>>>> >>>>>> To post to this group, send email to tuna- >>>>>> [email protected][13]. >>>>> >>>>> >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> --- >>>>> >>>>> >>>>> You received this message because you are subscribed to the Google >>>>> Groups "TUNA 主邮件列表" group. >>>>> >>>>> >>>>> To unsubscribe from this group and stop receiving emails from it, >>>>> send an email to [email protected][14]. >>>>> >>>>> >>>>> To post to this group, send email to tuna- >>>>> [email protected][15]. >>>>> >>>>> >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> --- >>>>> >>>>> >>>>> You received this message because you are subscribed to the Google >>>>> Groups "TUNA 主邮件列表" group. >>>>> >>>>> >>>>> To unsubscribe from this group and stop receiving emails from it, >>>>> send an email to [email protected][16]. >>>>> >>>>> >>>>> To post to this group, send email to tuna- >>>>> [email protected][17]. >>>>> >>>>> >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> >>>>> >>>>> >>>>> --- >>>>> >>>>> >>>>> You received this message because you are subscribed to the Google >>>>> Groups "TUNA 主邮件列表" group. >>>>> >>>>> >>>>> To unsubscribe from this group and stop receiving emails from it, >>>>> send an email to [email protected][18]. >>>>> >>>>> >>>>> To post to this group, send email to tuna- >>>>> [email protected][19]. >>>>> >>>>> >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> >>>>> >>>>> >>>>> --- >>>>> >>>>> >>>>> You received this message because you are subscribed to the Google >>>>> Groups "TUNA 主邮件列表" group. >>>>> >>>>> >>>>> To unsubscribe from this group and stop receiving emails from it, >>>>> send an email to [email protected][20]. >>>>> >>>>> >>>>> To post to this group, send email to tuna- >>>>> [email protected][21]. >>>>> >>>>> >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>>> >>>>> >>>> 确实有非常多到网关的arp请求。而且还看到了duplicate use of xxx. >>>> >>>> 我们系自己的学生网管建议过别的学生和老师如果dhcp分不到ip,就自己手动设置一个。。。所以现在肯定有一些人的ip是自己设置的静态i- >>>> p,不是从dhcp那里拿到的。会不会与问题有关? >>>> 自己试了一下,给自己设置一个静态ip是可以用的,但是我要求华三的人在所有楼层交换机上打开dhcp >>>> snooping了(可能并不是华三的人,只是个代理商或者只是给大楼建网络的公司的人)。 >>>> 上次的问题是有人把路由器接反了,导致很多人分到了192.168.0.1/24的私有ip,打开了dhcp >>>> snooping之后没再出现这种问题。难道是华三的这个功能我理解错了?或者干脆就没有打开? >>>> 华三某配置指南上有写: >>>> >>>>> 为防止非法用户通过配置静态 IP 地址的方式接入网络,在用户所在 VLAN 内启用 ARP Detection >>>> 功能(本例为缺省 VLAN 1 内),基于 DHCP Snooping 表项对用户进行合法性检查,保证合法用户可以正常转发报文 >>>> >>>> dhcp snooping和ARP Detection是什么关系? >>>> >>>> PS:话说为什么回复不能加附件了。。。粘贴了一些抓包的结果 >>>> >>>> 7451 76.294550000 Giga-Byt_44:29:8f Broadcast ARP 60 Who has >>>> 101.6.62.1? Tell 101.6.62.195 (duplicate use of 101.6.62.195 >>>> detected!) >>>> 7453 76.332446000 Micro-St_b4:a0:85 Broadcast ARP 60 Who has >>>> 101.6.62.1? Tell 101.6.62.233 >>>> 7454 76.334221000 SuperMic_6c:a8:1b Broadcast ARP 60 Who has >>>> 101.6.62.1? Tell 101.6.62.91 >>>> 7458 76.351186000 Tp-LinkT_e8:79:f4 Broadcast ARP 60 Who has >>>> 192.168.1.105? Tell 192.168.1.1 (duplicate use of 192.168.1.1 >>>> detected!) >>>> 7466 76.377746000 WistronI_b3:79:99 Broadcast ARP 60 Who has >>>> 101.6.62.1? Tell 101.6.62.176 >>>> 7475 76.576748000 Dell_ae:c3:97 Broadcast ARP 60 Who has >>>> 101.6.62.1? Tell 101.6.62.62 >>>> 7482 76.676673000 HewlettP_5a:54:b7 Broadcast ARP 60 Who has >>>> 101.6.62.145? Tell 101.6.62.148 >>>> >>>> -- >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "TUNA 主邮件列表" group. >>>> To unsubscribe from this group and stop receiving emails from it, >>>> send an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>> >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "TUNA 主邮件列表" group. >>> To unsubscribe from this group and stop receiving emails from it, >>> send an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >>> Email had 1 attachment:
>>> * smime.p7s 6k (application/pkcs7-signature) >> >> >> -- >> >> --- >> You received this message because you are subscribed to a topic in >> the Google Groups "TUNA 主邮件列表" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/tuna-general/EDgtI-p6rmQ/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To post to this group, send email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google > Groups "TUNA 主邮件列表" group. > To unsubscribe from this group and stop receiving emails from it, > send an email to [email protected]. > To post to this group, send email to [email protected]. > For more options, visit https://groups.google.com/d/optout. Links: 1. http://gmail.com/ 2. http://bigeagle.me/ 3. http://gmail.com/ 4. http://foxmail.com/ 5. http://gmail.com/ 6. http://googlegroups.com/ 7. http://googlegroups.com/ 8. http://googlegroups.com/ 9. http://googlegroups.com/ 10. http://googlegroups.com/ 11. http://googlegroups.com/ 12. http://googlegroups.com/ 13. http://googlegroups.com/ 14. http://googlegroups.com/ 15. http://googlegroups.com/ 16. http://googlegroups.com/ 17. http://googlegroups.com/ 18. http://googlegroups.com/ 19. http://googlegroups.com/ 20. http://googlegroups.com/ 21. http://googlegroups.com/ -- --- You received this message because you are subscribed to the Google Groups "TUNA 主邮件列表" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
