網管至少得具備一點英文基礎吧....
We have a residential (ie: I don't control what is on them) network here of up to 500 computers at any one time. Currently there is a machine doing an ARP-cache poisoning attack against the network. For some unknown reason, it is inserting the string "1^LIBraBBGvB8i~o+Z~UU?L5{B~SLIB5C" into HTTP responses just after the HTTP headers. I presume (NOTE: this is speculation, I have not yet been able to examine the machine in question) that this is due to a trojan/worm or other malware on the system performing the attack, possibly trying to spread itself to other computers on the subnet accessing the web running a vulnerable web browser - although I have not yet identified the effect of that string, so it may be for some other purpose.
I suggest you check other machines on your network for possible compromises.
Use a program like wireshark to examine network traffic to see if there are a continuous stream of ARP responses that _appear_ to be from your router to every other IP address in the subnet, but telling them in incorrect MAC - the computer with that MAC will be the culprit - you may use nmap to find the IP address of the machine. Alternatively if you are using a managed switch, you can look for the MAC that maps to just about every IP address on the subnet.
這是 MSDN 論壇的回覆, 看看有沒有幫助