|
PCDVD數位科技討論區
(https://www.pcdvd.com.tw/index.php)
- 疑難雜症區
(https://www.pcdvd.com.tw/forumdisplay.php?f=34)
- - 宿網被限制但不知是房客搗亂或isp業者行為
(https://www.pcdvd.com.tw/showthread.php?t=1087782)
|
|---|
引用:
是沒辦法聽到所有的封包, 但直接針對樓主pc而來的攻擊總聽得到了吧? 再說不試試看怎會知道結果呢? 說不定用wireshark就能找出真兇了啊 |
引用:
您試看看吧...我沒意見!! 不過, MAC 如果是造假的,你覺得這個frame會是造假source MAC address ,還是destination MAC address ?? 仔細想想你會有答案!! |
引用:
大概明白你意思 為達欺騙目的, source ip/mac一定會做偽造, 故找不出兇手是誰, 是這樣嗎? |
引用:
是呀 , 這要怎麼找出來 ?? 連source 都造假了 , 一般非網管的Switch一定沒辦法去鎖 合法的source MAC address , 所以才只有去換網管型的SW , 一般都可以指定Switch Port 底下是指定的MAC address可以通過,其它的MAC就會被擋住 , 這才能解決MAC 造假的問題!! 不然以樓主的狀況來說,不想換Switch , 只有強制每個人的PC硬碟拔出來去掃毒,把中毒的PC 給找出來才是徹底解決之道!! 二選一 , 都不是輕鬆容易的事.... :jolin: |
可以看一下你的ipconfig /all資訊嗎?
之前碰過類似,是因為內部DNS Server開了ipv6,但是Gateway沒有設定正確 |
您好,感謝各位,
...我確定不是 DNS 的問題.. 以下是我用 wireshark 擷取資料中的 D-LINKin_df:9e:c2 根本不是區網中的真正 gateway(分享器) ,其冒用了 192.168.0.1 的 IP,並回覆我錯誤 MAC 位址來影響我的 ARP TABLE ... 我擷取了約 1 個多小時不斷重複這些 request/reply 動作...還是說我自己中毒了呢? =============================================== No. Time Source Destination Protocol Length Info 8 0.000562000 D-LinkIn_df:9e:c2 AsustekC_50:60:e9 ARP 60 192.168.0.1 is at 78:54:2e:df:9e:c2 Frame 8: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Interface id: 0 (\Device\NPF_{8C870860-41BC-4FFE-9EFF-F23B18E4B432}) Encapsulation type: Ethernet (1) Arrival Time: Sep 20, 2015 21:56:52.253064000 台北標準時間 [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1442757412.253064000 seconds [Time delta from previous captured frame: 0.000131000 seconds] [Time delta from previous displayed frame: 0.000131000 seconds] [Time since reference or first frame: 0.000562000 seconds] Frame Number: 8 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:arp] [Coloring Rule Name: ARP] [Coloring Rule String: arp] Ethernet II, Src: D-LinkIn_df:9e:c2 (78:54:2e:df:9e:c2), Dst: AsustekC_50:60:e9 (00:1d:60:50:60:e9) Destination: AsustekC_50:60:e9 (00:1d:60:50:60:e9) Address: AsustekC_50:60:e9 (00:1d:60:50:60:e9) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: D-LinkIn_df:9e:c2 (78:54:2e:df:9e:c2) Address: D-LinkIn_df:9e:c2 (78:54:2e:df:9e:c2) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: ARP (0x0806) Padding: 000000000000000000000000000000000000 [Duplicate IP address detected for 192.168.0.1 (78:54:2e:df:9e:c2) - also in use by bc:14:01:96:11:e1 (frame 3)] [Frame showing earlier use of IP address: 3] [Expert Info (Warn/Sequence): Duplicate IP address configured (192.168.0.1)] [Duplicate IP address configured (192.168.0.1)] [Severity level: Warn] [Group: Sequence] [Seconds since earlier frame seen: 0] Address Resolution Protocol (reply) Hardware type: Ethernet (1) Protocol type: IP (0x0800) Hardware size: 6 Protocol size: 4 Opcode: reply (2) Sender MAC address: D-LinkIn_df:9e:c2 (78:54:2e:df:9e:c2) Sender IP address: 192.168.0.1 (192.168.0.1) Target MAC address: AsustekC_50:60:e9 (00:1d:60:50:60:e9) Target IP address: 192.168.0.23 (192.168.0.23) |
可能樓主要找柯南來辦案了....
要怎麼做,之前都說了!! 如果不想花錢 , 那就來學Linux Firewall吧.... 但還是可能要組台PC貢獻出來 , 還是要花錢 .... :laugh: :laugh: :laugh: 所以..... 幫不了你!! :ase 反正沒我的事.... :D |
感謝各位!!
我得先確定的是: 1. 是有惡鄰在攻擊(能憑上文 wireshark 的擷取資料認定有第三者在搗亂) OR 2. 是我自己中毒,結果我才是攻擊者...這樣攤牌時多不好意思..(但先前用 avira free 掃過一遍了) ...可做定論嗎? |
其實一張早期有BUG的螃蟹卡就能引發封包風暴毀了一整個區網...
或者是有某個天才把一條網路線的兩個頭都插在同一顆非網管型HUB上 這兩種情況聽起來很蠢 但其實不難遇到 天兵無極限阿 |
不過狀況聽起來很像D-LinkIn_df:9e:c2 (78:54:2e:df:9e:c2)這台電腦使用NetCut軟體針對你的電腦做攻擊
先把分享器的MAC設定成靜態ARP試試 另外再分享器裡設一條靜態ARP把它的MAC(78:54:2e:df:9e:c2)跟莫名其妙的IP(192.168.99.99之類)綁定好像也會讓對方上不了網 可以試試 |
| 所有的時間均為GMT +8。 現在的時間是03:55 PM. |
vBulletin Version 3.0.1
powered_by_vbulletin 2025。