使用批處理文件防備ARP攻擊

@echo off::讀取本機(jī)Mac地址if exist ipconfig.txt del ipconfig.txtipconfig /all >ipconfig.txtif exist phyaddr.txt del phyaddr.txtfind "Physical Address" ipconfig.txt >phyaddr.txtfor /f "skip=2 tokens=12" %%M in (phyaddr.txt) do set Mac=%%M::讀取本機(jī)ip地址if exist IPAddr.txt del IPaddr.txtfind "IP Address" ipconfig.txt >IPAddr.txtfor /f "skip=2 tokens=15" %%I in (IPAddr.txt) do set IP=%%I::綁定本機(jī)IP地址和MAC地址arp -s %IP% %Mac%::讀取網(wǎng)關(guān)地址if exist GateIP.txt del GateIP.txtfind "Default Gateway" ipconfig.txt >GateIP.txtfor /f "skip=2 tokens=13" %%G in (GateIP.txt) do set GateIP=%%G::讀取網(wǎng)關(guān)Mac地址if exist GateMac.txt del GateMac.txtarp -a %GateIP% >GateMac.txtfor /f "skip=3 tokens=2" %%H in (GateMac.txt) do set GateMac=%%H::綁定網(wǎng)關(guān)Mac和IParp -s %GateIP% %GateMac%arp -s 網(wǎng)關(guān)IP 網(wǎng)關(guān)MACexit

@echo offfor /f "delims=: tokens=2" %%a in (ipconfig /all^ find "Physical Address") do set local_mac=%%afor /f "delims=: tokens=2" %%a in (ipconfig /all^ find "IP Address") do set local_ip=%%afor /f "delims=: tokens=2" %%a in (ipconfig /all^ find "Default Gateway") do set gate_ip=%%afo* /* %%* in (getmac /nh /s %local_ip%) do set gate_mac=%%aarp -s %local_ip% %local_mac%arp -s %gate_ip% %gate_mac% （這個地方有問題， 改進(jìn)中……）

@ECHO OFFSETLOCAL ENABLEDELAYEDEXPANSIONfor /f "tokens=2 delims=[]=" %%i in (nbtstat -a %COMPUTERNAME%) do call set local=!local!%%ifor /f "tokens=3" %%i in (netstat -r^ find " 0.0.0.0") do set gm=%%ifor /f "tokens=1,2" %%i in (arp -a %gm%^ find /i /v "inter") do set gate=%%i %%jarp -s %gate%arp -s %local%arp -s 網(wǎng)關(guān)IP 網(wǎng)關(guān)MAC

@echo off:::::::::::::清除所有的ARP緩存arp -d:::::::::::::讀取本地連接配置ipconfig /all>ipconfig.txt:::::::::::::讀取內(nèi)網(wǎng)網(wǎng)關(guān)的IPfor /f "tokens=13" %%I in (find "Default Gateway" ipconfig.txt) do set GatewayIP=%%I::::::::::::ING三次內(nèi)網(wǎng)網(wǎng)關(guān)ping %GatewayIP% -n 3:::::::::::::讀取與網(wǎng)關(guān)arp緩存arp -a find "%GatewayIP%">arp.txt:::::::::::::讀取網(wǎng)關(guān)MAC并綁定for /f "tokens=1,2" %%I in (find "%GatewayIP%" arp.txt) do if %%I==%GatewayIP% arp -s %%I %%J:::::::::::::讀取本機(jī)的 IP+MACfor /f "tokens=15" %%i in (find "IP Address" ipconfig.txt) do set ip=%%ifor /f "tokens=12" %%i in (find "Physical Address" ipconfig.txt) do set mac=%%i:::::::::::::綁定本機(jī)的 IP+MACarp -s %ip% %mac%:::::::::::::刪除所有的臨時文件del ipconfig.txtdel arp.txtexit