Operation Manual
Plug-Ins
42
detect and block. This ARP spoofing enables hackers to be able to 'sniff' (read)
packets and view any data in transit, to direct traffic to non-existent hardware
causing delays in data transmission or a denial of service on the affected equipment.
Specialized hacker sniffing programs can also intercept traffic, including chat
sessions and related private data such as password entries, names, addresses, and
even encrypted files, by modifying MAC addresses at the Internet gateway.
• Protect my IP addresses from being false reported as used. Detects cases where
two or more hosts share the same IP address. This can be due to an attacker
attempting to gain access to network traffic or block a computer from accessing the
network, but could also happen legitimately where an ISP uses multiple servers for
load-sharing. If enabled, Outpost Firewall Pro blocks ARP replies that have the
same IP (but different MAC's) and thus protects computer from the IP address
duplication consequences.
• Block hosts enumerating other computers on LAN. Limits the number of ARP
requests enumerating IP addresses from one MAC address during a specified time
interval which can imply network scanning. Some massively propagating viruses
use mass host enumeration to hop from one computer to another, infecting them as
they go. This technique is also used by scanners and vulnerability analyzers.
You can also select attacks that Outpost Firewall is to detect and avert. By default Outpost
Firewall handles more than fifteen types of attacks and exploits, but you can choose to not
detect certain attack types in order to eliminate frequent false positive alert messages that
may be appearing if a service in your network, for example, acts like an attack source.