Ethereum code attacked by hackers
There is an essential difference between Ethereum and bitcoin. What is the difference? Bitcoin defines a currency system, while Ethereum focuses on building a main chain (which can be understood as a road) so that a large number of blockchain applications can run on this road.
From this point of view, Ethereum's application scenarios are more extensive, which is why we say that Ethereum marks the transformation from the simple monetary system of the blockchain 1.0 era to other industries and application scenarios in the blockchain 2.0 era.
However, nothing in the world is perfect. Although Ethereum has expanded the application scope of blockchain across all walks of life and improved the speed of transaction processing, it is also subject to some disputes and doubts.
First, the solutions to Ethereum's lack of scalability: sharding and the lightning network
In Ethereum's underlying design, the biggest problem is that Ethereum has only one chain and no side chains, which means that all programs have to run on this chain equally, consuming resources and causing system congestion. For example, when last year's very popular Ethereum game "CryptoKitties" was at its peak, it once paralyzed the Ethereum network.
To improve processing capacity, Ethereum proposes two approaches: sharding and the lightning network. Let's introduce these two technologies in turn.
(1) Sharding
Vitalik Buterin, founder of Ethereum, believes that the reason mainstream blockchain networks such as bitcoin process transactions very slowly is that every miner has to process every transaction in the whole network, which is very inefficient. The idea of sharding is that a transaction does not need to be processed by all nodes in the whole network; it is enough for some of the nodes (miners) in the network to process it. Therefore, the Ethereum network is divided into many pieces (shards), and each piece can handle different transactions at the same time. In this way, network performance is greatly improved.
However, sharding is also controversial. As we all know, the important idea of blockchain technology is decentralization. Only when the whole network witnesses (processes) the same transaction does it have the highest authority. Ethereum's sharding is similar to witnessing by a group, with not all nodes witnessing together. In this way, it loses the absolute "decentralization" attribute, and achieves high performance only by sacrificing some of the characteristics of decentralization.
(2) Lightning network
The lightning network uses off-chain transactions. What does that mean? It means that when the participants of the lightning network transfer money to each other, they do not need to confirm the transaction through the Ethereum main chain; instead, a payment channel is created between the participants and the transfer is completed off the chain.
However, the lightning network is not separated from the main chain. Before establishing a payment channel, you need to use assets on the main chain as collateral to generate a balance proof, which indicates that you can transfer the corresponding balance. When both parties to the transaction hold the balance proof, they can make an unlimited number of transfers off the chain through the payment channel.
Only when the off-chain transactions are completed and the assets need to be transferred back to the chain is the balance change of the main chain account registered on the Ethereum main chain, and no matter how many transactions occur during this period, there is no record of them on the main chain.
Another real benefit of the lightning network is that it saves you the miners' fees. At present, when we trade on the Ethereum main chain, we need to consume gas and pay the miners. Once we move the transaction off the chain, we save this part of the cost.
Of course, the lightning network is not perfect. When using the lightning network, assets on the main chain must be used as collateral, and this collateral cannot be used before the user completes the off-chain transactions. This also means that lightning transactions are only suitable for small transactions.
The above is the problem of Ethereum's insufficient scalability, together with the two main solutions: sharding and the lightning network.
Second, the loopholes in Ethereum's smart contracts and the infamous DAO event
Ethereum's smart contracts are very powerful, but there are loopholes in any code. The biggest controversy over Ethereum's smart contracts lies in these loopholes, that is, security issues. According to relevant research, 34200 (about 3%) of the nearly 1 million smart contracts based on Ethereum contain security vulnerabilities that allow hackers to steal ETH, freeze assets or delete contracts, as in the infamous DAO incident.
(1) What does DAO mean
Before introducing the DAO event, let's first introduce what a DAO is. DAO is the abbreviation of decentralized autonomous organization. From the perspective of Ethereum, a DAO is a contract or a combination of contracts on the blockchain, used to replace government review and complex intermediate procedures, so as to achieve an efficient and decentralized trust system. Therefore, a DAO is not one specific organization; that is to say, there can be many DAOs, of all kinds.
(2) The infamous DAO event
However, when we talk about the DAO now, we basically mean the DAO event, that is, the infamous hacker attack we just mentioned. In English, "the" is the definite article, so "The DAO event" refers to this one specific event; as we just said, a DAO is not one specific organization, and there can be many DAOs, of all kinds.
In 2016, Slock.it, a German company focusing on "smart locks", launched the DAO project on Ethereum in order to realize decentralized exchange of physical goods (such as apartments and ships). The financing window opened on April 30, 2016 and stayed open for 28 days.
Unexpectedly, this DAO project was very popular. It raised more than US $100 million in just half a month, and by the end of the whole financing period it had raised a total of US $150 million, which made it the largest crowdfunding project in history. However, it didn't last long. In June, hackers took advantage of loopholes in the smart contract to transfer more than 3.6 million ether into a child DAO, which has the same structure as the DAO. At that time, the price of ether fell directly from more than $20 to less than $13.
This event shows that there are loopholes in smart contracts, and once the loopholes are exploited by hackers, the consequences are very serious. This is why many people criticize Ethereum and say that its smart contracts are not smart.
To solve the vulnerability problem of smart contracts, many foreign companies have begun to provide code audit services. From a technical point of view, some teams are currently testing smart contracts. Most of these teams are led by professors from Harvard, Stanford and Yale, and some of them have obtained investment from leading institutions.
In addition to insufficient scalability and loopholes in smart contracts, the controversy over Ethereum also concerns the PoS consensus mechanism it pursues, that is, the proof-of-stake mechanism. Under proof of stake, whoever holds more coins and holds them for longer gets more "rights" (stake) and has the opportunity to obtain bookkeeping power, and bookkeeping is also rewarded. In this way, it is easy to create the oligarchic advantage of "the strong get stronger".
Another problem is the chaos of ICOs. An ICO is a common way to raise funds for blockchain projects, which we can understand as a pre-sale. The outbreak of ICO projects on Ethereum has led to illegal activities such as fund allocation and money fraud under the banner of ICO, which has caused security risks to social and financial stability.
At present, the vast majority of digital currency transactions are conducted on exchanges. Among the numerous exchanges, Bitfinex, Binance, OKEx and so on are well known.
However, bitcoin and other digital currencies, as decentralized assets, have to be traded on centralized exchanges, which seems to hide contradictions and dangers.
1. Problems and challenges of exchanges
In February 2014, Mt. Gox, the world's largest bitcoin exchange at that time, had 850000 bitcoins stolen, and the price of bitcoin suffered a "cliff" crash on that day. Later, it was revealed that Mt. Gox was in fact a thief, and only 7000 bitcoins were actually stolen.
In August 2016, Bitfinex, the largest U.S. dollar bitcoin trading platform, suffered a security vulnerability, resulting in the theft of 120000 bitcoins, which were worth $65 million at that time. Converted at the price in December 2017, they would be worth nearly $2 billion.
On December 19, 2017, South Korea's Youbit exchange was attacked by hackers and lost 4000 bitcoins, and the exchange declared bankruptcy.
On December 21, 2017, the Ukrainian Liqui exchange had 60000 bitcoins stolen, and the unit price of bitcoin plummeted by US $2000.
In 2018, such dramas will only continue.
In addition to the threat of hackers, traditional exchanges also have some inherent shortcomings, such as lack of supervision and inefficiency. The security an exchange offers investors rests only on its own credit, and the cost of running is very low. Stock exchanges are regulated at the national level, but there is no such sword of Damocles hanging over digital currency exchanges. Moreover, the same order can only be submitted to one exchange. After the user places an order, the funds used for the transaction are frozen, and the user can only wait for the completion or cancellation of the transaction. These are undoubtedly inefficient.
All in all, the problems of exchanges are the problems of centralization.
2. Decentralization of exchanges
(1) The progress of the exchanges themselves
Security measures can be upgraded in various ways. At present, the most effective is the cold wallet, that is, keeping the digital currency on an offline USB drive. At the end of 2017, when the Youbit exchange was attacked, 75% of its assets had been withdrawn into the cold wallet in time, which avoided greater losses. However, protecting online assets by offline means seems to be a way of last resort. Of course, there are many other methods, which will not be repeated here.
(2) Cross-ledger transactions
The representative of cross-ledger transactions is the Ripple network, operated by Ripple Labs, which is a semi-centralized system. Ripple is a decentralized clearing protocol intended to solve the high cost and delay of inter-bank clearing, and its base currency is XRP. The Ripple network can connect all kinds of assets, such as the US dollar, RMB, Japanese yen and bitcoin, to its own network. In this system, U.S. dollars or bitcoin can be converted into XRP, and XRP can then circulate freely in the network, as if a highway had been built between the various assets. Thanks to the support of major banking institutions, XRP achieved nearly 300 times growth in 2017.
(3) Decentralized exchanges
Some teams are trying to use blockchain technology to build decentralized exchanges. This kind of decentralized exchange is, to some extent, an extension of cross-ledger trading.
BitShares is the most representative of the early projects. It builds a blockchain development platform with servers scattered all over the world, so that even if some of them are attacked, the system does not collapse. Anyone can transfer and borrow money freely on this platform, and can also quickly build a centralized exchange based on it. In order to ensure stable value, BitShares also requires three times the value in digital assets as collateral. At present, BitShares is running fairly well.
Later, with the development of Ethereum and smart contracts, the 0x protocol came into being. This is an open protocol running on the Ethereum blockchain and a decentralized exchange in the Ethereum ecosystem. The protocol has attracted many investors. At present, it has completed financing and started to build open source software tools and infrastructure. Of course, there are many competitors: EtherDelta, IDEX and OasisDEX are trying to provide similar functions. Moreover, it is a smart contract system based on Ethereum that only supports ERC20 tokens. If other smart contract public chains start to rise, the demand will be reduced.
In addition, other teams are entering the field, such as the domestic Loopring protocol (LRC). They adopted a design similar to the 0x protocol, and also introduced a fast payment function similar to the lightning network. Its distinguishing feature is that it tries to match orders across multiple exchanges: the user's order can be broadcast to multiple exchanges and completed by different exchanges. Moreover, the user can still use the account funds after placing an order, and transferring part or all of the funds is equivalent to partial or total cancellation. To some extent, this improves the breadth and timeliness of transactions. However, this system seems to damage the "power" of the existing exchanges. Whether everyone can be persuaded to play together will be a difficult problem.
At present, there is still a long way to go in building decentralized exchanges. For the next 3-5 years, traditional exchanges will still be the main battlefield of digital currency. However, it is worth looking forward to a future in which decentralized digital currency gets rid of the shackles of centralization.
2. If you don't have a backup, you have to call the police
3. Contacting hackers without permission can't recover data, and they will only sink deeper and deeper
4. Pay attention to more backup and multiple ways in the future, and the daily responsibilities of the administrator should also be managed by someone.
Osmanthus fragrans doesn't belong to Osmanthus fragrans. Cigui, also known as Huaye tree, mouse thorn; It is a plant of Ilex family. Evergreen shrubs or small trees, landscaping tree species. It is mainly distributed in the middle and lower reaches of the Yangtze River in China
There are four groups of Osmanthus fragrans, namely Dangui, Jingui, Yingui and sijigui. Among them, Osmanthus fragrans, Osmanthus fragrans and Osmanthus fragrans all bloom in autumn and are collectively called August osmanthus. Generally, it takes at least 10 years for Osmanthus fragrans seedlings to bloom in open field. For newly transplanted seedlings, it is not allowed to apply fertilizer too early. Sowing seedlings, after two years of cultivation, the next spring can be transplanted, flowering period in ten years
"Recently, a girl under 30 years old in our building lost more than 300000 yuan because of speculating in virtual currency, and a boy nearby lost more than 700000 yuan because of investing in bitcoin. Therefore, we are now sending police reminder leaflets door to door, and asking the person in charge of the family to fill in the information. On the one hand, we are alert to all kinds of new means of Internet fraud; in addition, it is also a way to find out the people who are involved in investment fraud hidden everywhere." On February 4, the community police of a community in Songjiang District of Shanghai told China Times.
The police also said that many new types of fraud no longer focus on the middle-aged and the elderly, but on the "post-90s", and conduct virtual currency investment fraud through WeChat and QQ groups.
In fact, with the recent sharp rise and fall of virtual digital currency represented by bitcoin, a wave of air currency has surged, which makes many young people in China think that there are investment opportunities. However, some bloody cases led the Shanghai public security department to issue a police warning to the public.
the "conspiracy" after the big rise of bitcoin
"Bitcoin is too expensive for ordinary people to play, but the sharp rise and fall of the market driven by bitcoin needs attention. The current chaotic market does not rule out a conspiracy of head makers working together." On February 5, Wang Heng, senior analyst of Shanghai virtual digital currency, gave this analysis.
Recently, Dogecoin, the "old ancestor" of air currency, suddenly rose sharply after January 28. In the morning of January 29, Beijing time, Elon Musk, the founder of Tesla, posted a tweet with a picture containing information about Dogecoin. As Musk has mentioned Dogecoin publicly many times, the picture was seen as him endorsing it again. At that time, the Dogecoin price rose about 260% in 24 hours; in the afternoon of January 29, the price of the Dogecoin and US dollar stablecoin trading pair reached a high of about US $0.085 on the OKEx, Binance and Huobi exchanges, with a 24-hour increase of more than 900%.
According to the data of CoinMarketCap, the price of Dogecoin had not exceeded US $0.01 for a long time since February to December, 2018. This rise put Dogecoin at the top of the lists of major exchanges, with its market value approaching US $10 billion, once ranking among the top ten cryptocurrencies by market value. Compared with new coins of small market value, the "long-lived" Dogecoin has been online since as early as 2014. As for the soaring Dogecoin, some people in the cryptocurrency industry are "envious" while exclaiming that they can't understand it.
"Behind the sharp rise of Dogecoin, in fact, is the continuation of the war between American retail investors and Wall Street institutional bears. Whether it's the soaring stock price of GameStop (GME) or the rising Dogecoin, it can be explained by Robert Shiller's 'narrative economics'. In addition, with the promotion of the media, a kind of popular thinking has been formed, and people have joined in this narrative, which has led to the rise of relevant asset prices." In this regard, William, chief analyst of OKEx research, said.
However, in the view of the industry, Dogecoin is a real "air coin". Even the founder of Dogecoin himself admitted that the development of Dogecoin was just a joke, but he didn't expect that Dogecoin was still flowing around the world and had a market value of $2 billion.
According to the data, Dogecoin was created in 2013 by the Australian Jackson Palmer. In 2018, Palmer published a signed article on the Vice website, saying that he participated in education in the field of cryptocurrency and held a variety of cryptocurrencies, including Dogecoin worth less than $50.
"Dogecoin is an imitation crypto token, which is active in the reddit community because of its low price and community friendliness. Since then, opportunists have cheated millions of dollars in the Dogecoin community. In 2015, the swindlers disappeared and the community's interest in Dogecoin declined. At that time, I decided not to participate in Dogecoin and cryptocurrency any more, and gave the development of Dogecoin to the trust and community team members. It never occurred to me that my Dogecoin, which I developed as a joke, would still flow around the world in 2018, with a market value of $2 billion." Palmer pointed out in his article at that time.
"Just as the founders themselves call Dogecoin an imitation token, there are still so many people around the world chasing it up and speculating on it repeatedly. The most important factor is that the price is too low. For the general public, anyone can participate in the investment of Dogecoin, which is only a fraction of RMB, even if it loses money. But what the makers attract is the post-90s." Wang Heng said.
[fault principle]
In a LAN, the ARP protocol is used to convert IP addresses to MAC addresses. The ARP protocol is of great significance to network security. ARP spoofing, which forges IP address and MAC address pairs, can generate a large amount of ARP traffic in the network and block it.
In a LAN, two network devices must know each other's physical address, that is, MAC address, if they want to communicate with each other. The relationship between IP address and MAC address is like that between two residents, Xiao Li and Xiao Zhang, in two buildings A and B. Suppose Xiao Li lives in building A and Xiao Zhang lives in building B. Xiao Li wants to talk with Xiao Zhang across the buildings. Xiao Li must shout Xiao Zhang's name (the MAC address) from building A before they can talk. If Xiao Li only shouts "building B" (the IP address), the conversation cannot take place. The contact between Xiao Li and Xiao Zhang before the conversation is what the ARP protocol accomplishes.
ARP is the abbreviation of Address Resolution Protocol. The so-called "address resolution" is the process by which a host converts the target IP address into the target MAC address before sending a frame. The basic function of the ARP protocol is to query the MAC address of the target device from its IP address, so that communication can proceed smoothly.
Every computer with the TCP/IP protocol installed has an ARP cache table. The IP addresses in the table correspond to MAC addresses one to one, as shown in the table below
Take host A (192.168.16.1) sending data to host B (192.168.16.2) as an example. When sending data, host A looks for the target IP address in its ARP cache table. If it is found, the target MAC address is known, and host A just writes the target MAC address into the frame and sends it. If the corresponding IP address is not found in the ARP cache table, host A sends a broadcast on the network, with the target MAC address "FF-FF-FF-FF-FF-FF". This sends the following query to all hosts in the same network segment: "What is the MAC address of 192.168.16.2?" Other hosts on the network do not respond to the ARP query. Only host B, when it receives this frame, responds to host A: "The MAC address of 192.168.16.2 is bb-bb-bb-bb-bb-bb". In this way, host A learns the MAC address of host B and can send information to it. At the same time, host A updates its own ARP cache table, so the next time it sends information to host B, it can look the address up directly in the ARP cache table. The ARP cache table uses an aging mechanism: if a row in the table is not used for a period of time, it is deleted. This greatly reduces the length of the ARP cache table and speeds up queries.
It can be seen from the above that the ARP protocol is based on trusting everyone in the LAN, so it is easy to carry out ARP spoofing over Ethernet. Suppose target A is deceived: when A pings host C, the frames are sent to the address dd-dd-dd-dd-dd-dd. If the MAC address of C has been spoofed to dd-dd-dd-dd-dd-dd, then all the packets sent by A to C are delivered to D. D can then receive the packets sent by A, and the sniffing is successful.
A does not notice the change at all, but what happens next makes A suspicious, because A and C cannot connect: D receives the packets sent by A to C, but does not pass them on to C.
If D acts as a "man in the middle", ARP redirection is used. With the IP forwarding function of D turned on, the packets sent by A are forwarded to C, just as a router would forward them. However, if D sends ICMP redirects, the whole plan is interrupted.
D can also modify and forward whole packets directly: it captures the packets sent by A to C, modifies them and forwards them to C, and C treats the packets it receives as having been sent by A. However, the packets sent by C are still transmitted directly to A. If ARP spoofing is carried out against C as well, D becomes the bridge between A and C and knows the communication between A and C like the back of its hand.
[solution]
Due to the defects of the ARP protocol, any host updates its ARP cache without any verification when it receives ARP packets. When ARP spoofing occurs, the IP + MAC mapping for the gateway is changed at will, which causes the connection to drop.
The solution is to abandon this method of dynamically updating the ARP cache and use entries specified statically by the administrator. For normal Internet access in a LAN, normal communication must be ensured in two respects: (1) the IP + MAC entry pointing to the local gateway on the host (computer) is correct; (2) on the gateway (usually the router), the IP + MAC entry pointing to the local computer is correct. With these two principles, we can ensure that communication between all hosts and the router is normal, and prevent spoofing from causing dropped connections. The solution is two-way binding: bind the IP + MAC address of the router on all local computers, and bind the IP + MAC addresses of all computers on the gateway (router).
1. How to bind the IP + MAC addresses of all hosts (computers) on the router. Generally, it is relatively simple to bind the IP + MAC addresses of all hosts on the router. Aitai technology even provides a function for binding the IP + MAC addresses of all hosts with one click. Just click "bind all" to bind the IP + MAC addresses of all computers at one time, as shown in the following figure:
2. How to bind the IP + MAC address of the gateway (router) on the host
1) First, obtain the MAC address of the router's intranet interface (for example, the MAC address of Hiper gateway address 192.168.16.254 is 0022aa0022aa)
2) Open Notepad and write a batch file rarp.bat, saved with the .bat suffix, with the following content:
@echo off
rem Clear the ARP cache, then add the static gateway entry
arp -d
arp -s 192.168.16.254 00-22-aa-00-22-aa
Note: change the gateway IP address and MAC address in the file to your own
3) Drag the batch file into the Windows Start menu "Startup" folder (Start > Programs > Startup) so that the batch file is executed every time Windows starts
3. After completing the above two steps, the bidirectional binding is complete. In practice, however, after the IP + MAC address of the gateway (router) has been bound on the computer, some variant ARP spoofing viruses delete the binding on the computer. It doesn't matter if only one computer's binding is deleted. However, once this virus spreads in the LAN and infects most of the hosts (computers), deleting the bindings on them, the bidirectional binding described above has essentially failed, and large parts of the LAN will still go offline. For this situation, we recommend the following method to strengthen step 2:
1) Skip the above step 2
2) Install the stand-alone version of the antiarp firewall, download address: http://www.antiarp.com/download.htm . To prevent the static binding on the host (computer) from being deleted, the software checks it automatically at regular intervals and rebinds it if it is found to have been deleted
3) In the gateway IP / MAC field, manually set the IP address and MAC address of the gateway: input the IP + MAC address of the gateway of your LAN and confirm, as shown in the figure below:
4) Keep the software set to start with the computer
4. How to check whether the static binding on the current host is in effect
Enter arp -a at the command line. If the type of the corresponding entry is static, the binding has taken effect; if the type is dynamic, the binding is not in effect. As shown in the following figure:
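An added example, not part of the original article and not from Aitai or antiarp: the step 4 check automated in Python, parsing English-locale Windows `arp -a` output to report whether the gateway entry is present, static and bound to the expected MAC. The sample tables are constructed from the article's addresses; the function names and the shared-MAC heuristic (one unicast MAC answering for several IPs, as when C's address points at D) are assumptions of this example.

```python
import re

# One data row of English-locale Windows `arp -a` output: IP, MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(static|dynamic)\s*$",
    re.IGNORECASE,
)


def normalize_mac(mac):
    """Reduce 00-22-AA-00-22-AA, 00:22:aa:00:22:aa or 0022aa0022aa to one form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_arp_table(text):
    """Return (ip, mac, type) tuples; header and interface lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            entries.append((m.group(1), normalize_mac(m.group(2)), m.group(3).lower()))
    return entries


def check_gateway_binding(entries, gateway_ip, expected_mac):
    """Return 'ok', 'missing', 'mac-mismatch' or 'dynamic' for the gateway entry."""
    expected = normalize_mac(expected_mac)
    rows = [e for e in entries if e[0] == gateway_ip]
    if not rows:
        return "missing"
    # The gateway may be listed once per interface; a wrong MAC outranks a
    # merely dynamic entry because traffic is already going elsewhere.
    if any(mac != expected for _, mac, _ in rows):
        return "mac-mismatch"
    if any(kind != "static" for _, _, kind in rows):
        return "dynamic"
    return "ok"


def shared_macs(entries):
    """Heuristic: map each MAC claimed by more than one IP to those IPs."""
    by_mac = {}
    for ip, mac, _ in entries:
        # Broadcast and IPv4 multicast rows legitimately repeat; skip them.
        if mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue
        by_mac.setdefault(mac, set()).add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


GATEWAY_IP = "192.168.16.254"   # gateway address used in the article
GATEWAY_MAC = "0022aa0022aa"    # its MAC, in the article's undelimited form

# Constructed sample: the batch file's static binding is in place.
BOUND = """
Interface: 192.168.16.1 --- 0xb
  Internet Address      Physical Address      Type
  192.168.16.2          bb-bb-bb-bb-bb-bb     dynamic
  192.168.16.254        00-22-aa-00-22-aa     static
  192.168.16.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

# Constructed sample: the binding was deleted, the entry was re-learned.
UNBOUND = BOUND.replace("00-22-aa-00-22-aa     static", "00-22-aa-00-22-aa     dynamic")

# Constructed sample: the gateway's IP now maps to host D's MAC.
SPOOFED = """
Interface: 192.168.16.1 --- 0xb
  Internet Address      Physical Address      Type
  192.168.16.4          dd-dd-dd-dd-dd-dd     dynamic
  192.168.16.254        dd-dd-dd-dd-dd-dd     dynamic
  192.168.16.255        ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    for name, text in (("bound", BOUND), ("unbound", UNBOUND), ("spoofed", SPOOFED)):
        table = parse_arp_table(text)
        print(name, check_gateway_binding(table, GATEWAY_IP, GATEWAY_MAC), shared_macs(table))
```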
[two way static binding problem]
Through the above steps, we can complete the defense against ARP spoofing in an ordinary LAN. But it is not easy to bind the IP + MAC address of the gateway on all hosts (computers). In a network of 200 computers, the network administrator would have to keep running back and forth between 200 computers, which is time-consuming and laborious, and is truly a test of the network administrator's endurance. For this situation, Aitai technology puts forward another solution: the gateway (router) regularly broadcasts the correct gateway (router) IP + MAC information to the LAN, to prevent spoofing within the LAN. With this method, the network administrator only needs to do two steps, which can easily be done in 5 minutes:
1) Bind all the IP + MAC addresses of the hosts (computers) on the gateway (router) with one click
2) Enable the function of active defense against ARP attacks on the gateway (router), as shown in the figure below
[solution to ARP spoofing in Internet cafe environment]
1. The typical Internet cafe network environment has the following characteristics:
(1) All computers have fixed IP addresses
(2) The DHCP function is not enabled on the router
(3) The number of hosts in the Internet cafe is stable; unlike in a hotel environment, new hosts do not keep coming into and going out of the network
2. Aitai technology's solutions to ARP attacks in the Internet cafe environment:
Method 1, two-way binding
(1) Bind all the IP + MAC addresses of the hosts with one click
(2) Bind the IP + MAC address of the gateway (router) on the host (computer)
Install the stand-alone version of the antiarp firewall, download address: http://www.antiarp.com/download.htm . In the gateway IP / MAC field, manually set the IP address and MAC address of the gateway by entering the IP + MAC address of your LAN gateway. Keep the software set to start with the computer. As shown in the following figure:
Method 2
1) Bind the IP + MAC addresses of all hosts (computers) on the gateway (router) with one click
2) Turn on the function of active defense against ARP attacks on the gateway (router)
[solutions to ARP spoofing in the environment of small and medium-sized enterprises]
1. The typical network environment of small and medium-sized enterprises has the following characteristics:
(1) The hosts are a mix of fixed IP addresses and IP addresses assigned dynamically by DHCP
(2) The DHCP function is enabled on the router
(3) The number of hosts in the network of a small or medium-sized enterprise is relatively stable; unlike in a hotel environment, new hosts do not keep coming into and going out of the network
2. Aitai technology's solutions to ARP attacks in the small and medium-sized enterprise environment:
Method 1, two-way binding
(1) Bind the IP + MAC addresses of dynamic hosts on the gateway (router). For hosts whose IP addresses are allocated dynamically by DHCP, the network administrator sets up the DHCP binding on the gateway (router) in advance, as shown in the figure below. After binding, the IP address that Li Xiaoming's computer is dynamically allocated each time is 192.168.1.100
(2) Bind the IP + MAC addresses of hosts with fixed IP addresses on the gateway (router)
(3) Bind the IP + MAC address of the gateway on the host (computer)
install the stand-alone version of antiarp firewall, download address: http://www.antiarp.com/download.htm . IP in gateway/
1. First, close the website
2. Enable the website backup
3. Check the code, and remove the code that does not belong to your own website. You can go to the source code to find it
For prevention, open a web firewall: web link is a protection system developed by the Ministry of public security, which can be used. It seems that it is free for one year, and the server downloads a safety dog, etc. If a sentence or two here is not clear, you can send me a private message
