F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

Configuring ARP attack protection
ARP attacks and viruses threaten LAN security. This chapter describes multiple features used to detect and
prevent such attacks.
Overview
Although ARP is easy to implement, it provides no security mechanism and is vulnerable to network
attacks. An attacker can exploit ARP vulnerabilities to attack network devices in the following ways:
• Acts as a trusted user or gateway to send ARP packets so the receiving devices obtain incorrect ARP
  entries.
• Sends a large number of unresolvable IP packets (ARP cannot find MAC addresses for those
  packets) to keep the receiving device busy with resolving destination IP addresses until the CPU is
  overloaded.
• Sends a large number of ARP packets to overload the CPU of the receiving device.
For more information about ARP attack features and types, see ARP Attack Protection Technology White
Paper.
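
The first and third behaviors listed above can be recognized from received ARP traffic alone. The following Python example is added here for illustration and is not part of this guide or of the device software: it flags a sender IP address that is claimed by a second MAC address, an ARP packet whose Ethernet source MAC differs from the sender MAC in its body, and a burst of ARP packets from one source MAC. The observation format, the function name analyze, the sample addresses, and the window and threshold values are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample observations: (time_s, eth_src_mac, arp_sender_mac, arp_sender_ip)
SAMPLE = [
    (0.0, "00:11:22:33:44:01", "00:11:22:33:44:01", "192.0.2.1"),   # gateway
    (0.5, "00:11:22:33:44:10", "00:11:22:33:44:10", "192.0.2.10"),  # host
    (1.0, "00:11:22:33:44:66", "00:11:22:33:44:66", "192.0.2.1"),   # claims gateway IP
    (1.2, "00:11:22:33:44:77", "00:11:22:33:44:78", "192.0.2.20"),  # header/body mismatch
] + [(2.0 + i * 0.01, "00:11:22:33:44:99", "00:11:22:33:44:99", "192.0.2.99")
     for i in range(40)]                                             # burst from one MAC


def analyze(observations, window_s=5.0, threshold=30):
    """Return alerts as (kind, time, detail) tuples.

    window_s and threshold are illustrative values, not device defaults.
    """
    bindings = {}                # sender IP -> first MAC seen for it
    recent = defaultdict(deque)  # source MAC -> timestamps inside the window
    flooding = set()             # MACs already reported, so each alerts once
    alerts = []
    for t, eth_src, sender_mac, sender_ip in observations:
        # The Ethernet source MAC should equal the sender MAC in the ARP body.
        if eth_src != sender_mac:
            alerts.append(("mac-mismatch", t, f"{eth_src} vs {sender_mac}"))
            continue  # do not learn a binding from an inconsistent packet
        # An IP already bound to another MAC suggests user or gateway spoofing.
        known = bindings.setdefault(sender_ip, sender_mac)
        if known != sender_mac:
            alerts.append(("binding-conflict", t, f"{sender_ip}: {known} -> {sender_mac}"))
        # Count ARP packets per source MAC in a sliding time window.
        q = recent[eth_src]
        q.append(t)
        while q and t - q[0] > window_s:
            q.popleft()
        if len(q) > threshold and eth_src not in flooding:
            flooding.add(eth_src)
            alerts.append(("flood", t, f"{eth_src} sent {len(q)} ARP packets in {window_s}s"))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```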
ARP attack protection configuration task list
Perform the following tasks to prevent flood attacks:
Task                                                   Remarks
Configuring unresolvable IP attack protection:
  Configuring ARP source suppression                   Optional. Configure this function on gateways (recommended).
  Enabling ARP black hole routing                      Optional. Configure this function on gateways (recommended).
Configuring source MAC based ARP attack detection      Optional. Configure this function on gateways (recommended).
Perform the following tasks to prevent user and gateway spoofing:
Task                                                   Remarks
Configuring ARP packet source MAC consistency check    Optional. Configure this function on gateways (recommended).
Configuring ARP active acknowledgement                 Optional. Configure this function on gateways (recommended).
Configuring periodic sending of gratuitous ARP packets Optional. Configure this function on gateways (recommended).
Configuring ARP detection                              Optional. Configure this function on gateways (recommended).