R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

ARP attack protection configuration
The Address Resolution Protocol (ARP) is easy to use, but attackers often exploit it because it has no
built-in security mechanism. ARP attacks and ARP viruses pose serious threats to LANs. To counter them,
the firewall provides multiple techniques for detecting and preventing such attacks and viruses.
The following describes the principles and configuration of these techniques.
Configuring periodic sending of gratuitous ARP packets
NOTE:
The firewall supports configuring periodic sending of gratuitous ARP packets only in the web interface.
Introduction to periodic sending of gratuitous ARP packets
If an attacker sends spoofed gratuitous ARP packets to hosts on a network, traffic that the hosts want to
send to the gateway is sent to the attacker instead. As a result, the hosts cannot access external networks.
To prevent such ARP attacks, you can enable the gateway's interfaces to send gratuitous ARP packets
at regular intervals. Each of these packets contains the primary IP address and the manually configured
secondary IP address of the interface. The hosts in the network segment therefore keep learning the
correct gateway and can access the external network normally.
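The following Python example is added here and is not part of the HP guide or the firewall's software. It shows how a monitoring host could tell the gateway's own gratuitous ARP packets from spoofed ones that claim the gateway's IP address. The gateway IP and MAC, the host MAC and the sample frames are constructed values chosen for illustration.

```python
import socket
import struct

GATEWAY_IP = "192.0.2.1"            # assumed gateway address (documentation range)
GATEWAY_MAC = "00:00:5e:00:53:01"   # assumed known-good gateway MAC

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return ARP fields of an Ethernet/IPv4 ARP frame, or None for anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac(frame[6:12]), "op": struct.unpack("!H", frame[20:22])[0],
            "sha": mac(frame[22:28]), "spa": socket.inet_ntoa(frame[28:32]),
            "tpa": socket.inet_ntoa(frame[38:42])}

def classify(frame):
    """Label a frame; gratuitous ARP has sender IP equal to target IP."""
    arp = parse_arp(frame)
    if arp is None:
        return "not-arp"
    if arp["spa"] != arp["tpa"]:
        return "normal"               # ordinary request or reply
    if arp["spa"] != GATEWAY_IP:
        return "gratuitous"           # a host announcing its own address
    if arp["sha"] != GATEWAY_MAC or arp["eth_src"] != GATEWAY_MAC:
        return "spoofed-gateway"      # another station claims the gateway's IP
    return "gateway-gratuitous"

def sample(eth_src, sha, spa, tpa, op=1):
    """Constructed test input: the bytes of one broadcast ARP frame."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (b"\xff" * 6 + raw(eth_src) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + raw(sha)
            + socket.inet_aton(spa) + b"\x00" * 6 + socket.inet_aton(tpa))

HOST_MAC = "00:00:5e:00:53:aa"      # constructed MAC of another station
SAMPLES = {
    "gateway": sample(GATEWAY_MAC, GATEWAY_MAC, GATEWAY_IP, GATEWAY_IP),
    "spoof": sample(HOST_MAC, HOST_MAC, GATEWAY_IP, GATEWAY_IP, op=2),
    "host": sample(HOST_MAC, HOST_MAC, "192.0.2.50", "192.0.2.50"),
    "request": sample(HOST_MAC, HOST_MAC, "192.0.2.50", GATEWAY_IP),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify(frame))
```

The check treats a mismatch between the Ethernet source address and the ARP sender hardware address as suspicious as well, since a frame from the real gateway carries the same MAC in both fields.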
Configuring periodic sending of gratuitous ARP packets
Select Firewall > ARP Anti-Attack > Send Gratuitous ARP from the navigation tree to enter the Send
Gratuitous ARP page, as shown in Figure 28.
Figure 28 Configure periodic sending of gratuitous ARP packets