HP VPN Firewall Appliances Attack Protection Configuration Guide
48
Configuring ARP attack protection
ARP attacks and viruses threaten LAN security. This chapter describes multiple features used to detect and
prevent such attacks.
Overview
Although ARP is easy to implement, it provides no security mechanism and is vulnerable to network
attacks. An attacker can exploit ARP vulnerabilities to attack network devices in the following ways:
• Acts as a trusted user or gateway to send ARP packets so the receiving devices obtain incorrect ARP
entries.
• Sends a large number of unresolvable IP packets (ARP cannot find MAC addresses for those
packets) to keep the receiving device busy with resolving destination IP addresses until the CPU is
overloaded.
• Sends a large number of ARP packets to overload the CPU of the receiving device.
For more information about ARP attack features and types, see ARP Attack Protection Technology White
Paper.
ARP attack protection configuration task list
Perform the following tasks to prevent flood attacks:
Task Remarks
Configuring
unresolvable IP attack
protection
Configuring ARP
source suppression
Optional.
Configure this function on gateways (recommended).
Enabling ARP
blackhole routing
Optional.
Configure this function on gateways (recommended).
Configuring source MAC-based ARP attack
detection
Optional.
Configure this function on gateways (recommended).
Perform the following tasks to prevent user and gateway spoofing:
Task Remarks
Configuring ARP packet source MAC consistency
check
Optional.
Configure this function on gateways (recommended).
Configuring ARP active acknowledgement
Optional.
Configure this function on gateways (recommended).
Configuring periodic sending of gratuitous ARP
packets
Optional.
Configure this function on gateways (recommended).