Joke Collection Website - Mood Talk - How to solve the problem of speed limit when someone uses P2P terminator?

How to solve the problem of speed limit when someone uses P2P terminator?

P2p Terminator was originally a good network management software, but now many people use it to limit traffic.

The reason why ARP impact alarm occurs is that p2p uses the principle of arp spoofing.

How to break through the p2p terminator in the LAN? Let’s first understand the principles of p2p. The most basic principles of restrictions on downloading of these software are the same as those of other network management software, such as Network Law Enforcement Officer. They all use the principle of ARP spoofing!

Look at this picture first:

|------------》Computer A

|------ ------》Computer B

Internet--------gt; gateway -------gt; router (switch can be used) ------- gt; |------------》Computer C (P2P Terminator can be used on any of these five computers)

|------ ------》Computer D

|------------》Computer E

Let me start with this picture and tell you about ARP The principle of deception! First, let me tell you what ARP is. ARP (Address Resolution Protocol) is an address resolution protocol. It is a protocol that converts IP addresses into physical addresses. There are two ways to map from IP addresses to physical addresses: tabular and non-tabular.

To be specific, ARP resolves the address of the network layer (IP layer, which is equivalent to the third layer of OSI) into the data connection layer (MAC layer, which is equivalent to the second layer of OSI). MAC address.

Anyone who has studied the basics of the Internet knows this!

Under normal circumstances, when A wants to send data to B, it will first query the local ARP cache table, and after finding the MAC address corresponding to B's IP address, the data will be transmitted. Then broadcast A an ARP request message (carrying host A's IP address Ia - physical address Pa), requesting host B with IP address Ib to reply with physical address Pb. All hosts on the network, including B, receive the ARP request, but only host B recognizes its own IP address, so it sends an ARP response message back to host A. It contains B's MAC address. After A receives B's response, it will update the local ARP cache. Then use this MAC address to send data (the MAC address is appended by the network card). Therefore, the ARP table in the local cache is the basis for local network circulation, and this cache is dynamic.

The ARP protocol does not only receive ARP replies after sending ARP requests. When the computer receives an ARP reply packet, it updates the local ARP cache and stores the IP and MAC addresses in the reply in the ARP cache. Therefore, when a machine B in the local network sends a forged ARP response to A, and if this response is forged by B pretending to be C, that is, the IP address is C's IP and the MAC address is forged, then when A After receiving B's forged ARP reply, the local ARP cache will be updated, so that in A's view, C's IP address has not changed, but its MAC address is no longer the original one. Because network traffic on the LAN is not based on IP addresses, but is transmitted based on MAC addresses. Therefore, the forged MAC address is changed to a non-existent MAC address on A, which will cause network failure and prevent A from pinging C! This is a simple ARP spoofing.

After seeing these contents, everyone will probably understand why P2P can control the flow of computers in the network. In fact, it acts as a gateway here. Spoof the data of all computers in a network segment and then forward it out again.

All data from the controlled computer will first pass through this P2P host and then be transferred to the gateway!

The basic principle is this. Let’s break through the working principle of it!

First, it is to bind the machine IP address and MAC address which is widely circulated on the Internet.

Second, it is to modify your own MAC address to deceive P2P into scanning your machine. The method is Modify the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318} subkey, but the effect is not ideal.

3. Use two-way IP/MAC binding

Bind the MAC address of your egress router on your PC. The P2P terminator software cannot ARP spoof you, and naturally it cannot. I don't mind you, but just binding the router's MAC to the PC is not safe, because the P2P terminator software can spoof the router, so the best solution is to use a PC and two-way IP/MAC binding on the router, that is, bind it on the PC. Determine the MAC address of the outgoing route, and bind the IP and MAC address of the PC on the route. This requires the route to support IP/MAC binding, such as a HIPER router.

4. See a firewall on the Internet , it is Look N

Stop firewall. I saw some prawns on the Internet saying that it can prevent arp spoofing, so I downloaded it and tried it! The method is as follows: But the premise is that your machine does not communicate with the machines in the LAN and connects to your own network! And the gateway is fixed!

A. There is an "ARP: Authorize all ARP packets" rule in "Internet Filtering". Put a prohibition mark in front of this rule;

B. But this rule will by default Gateway information is also prohibited. The solution is to put the MAC address of the gateway (usually the gateway is fixed) in the "Target" area of ??this rule, select "Not equal to" in "Ethernet: Address", and put The MAC address of the gateway is filled in at that time; put your MAC address in the "Source" area and select "Not equal to" in "Ethernet: Address".

C. In the last "Allotherpacket", modify the "Destination" area of ??this rule, select "Not equal to" in "Ethernet: Address", and fill in FF:FF:FF in the MAC address. :FF:FF:FF; put your MAC address in the "Source" area, and select "Not equal to" in "Ethernet: Address". No other changes will be made.

5. It is to detect whose network card in a certain network segment is in promiscuous mode. Generally, normal hosts will not be in promiscuous mode! Unless you set it up deliberately, there are many tools online that can detect it!

6. The author of P2P software has come up with another tool called: Anti-P2P Terminator. Perhaps on the one hand, it is not to harm us Internet users, and on the other hand, it is to protect their own interests! After all, there are many copies of this tool on the Internet! Anti-P2P terminator is very simple to use. As long as it is opened and run, it can detect the P2P tools in the same network segment and terminate it automatically. However, this software no longer works.

7. I think this method may not be very popular, that is, using VLAN, as long as your PC and the P2P terminator software are not in the same VLAN, there is nothing he can do to you. Like our ordinary dormitory This method of going online is no longer useful! But it may be useful for large Internet cafes!

8. Regarding limiting traffic, you can break through it by changing your own subnet mask. I changed the default subnet mask of 255.255.255.0 to 255.240.0.0, and you can still access the Internet, p2p terminator , restricting traffic is ineffective! But I want to explain that the way I access the Internet here is: adsl-routing-computer. I don’t know if this method can be used in other network environments!

9. There is another I saw a prawn on the Internet saying that P2P restrictions can be broken through restricting ports. I have never been able to understand this method! It seems that there is no such thing as a port in the arp protocol. The port is only based on TCP/IP. I hope experts can give me some guidance!

10. Use a router that can prevent internal network security. I have seen it online and it seems that Xinxiang immune wall router can well control the traffic of each IP in the LAN, intelligently limit bandwidth, and has innate ARP immunity function to prevent ARP attacks and solve the problem of disconnection.

The above method is my personal understanding. If there is something wrong or there is a good method, you can put it forward and discuss it together!