Shulou(Shulou.com)06/01 Report--

There are two common types of ARP***. One is ARP spoofing. By sending forged ARP messages, * * users maliciously modify the ARP entries of gateways or other hosts in the network, resulting in abnormal packet forwarding of users or networks. The other is ARP flooding *, also known as denial of Service * * (Denial of Service). * users send a large number of fake IP request messages or free messages to the device that cannot be parsed by the destination ARP address, resulting in overflow of ARP entries on the device and inability to cache normal users' ARP entries, thus affecting normal message forwarding.

These two types of ARP*** result in:

☉ causes network instability, causing users to be unable to access the Internet or enterprises to cut off the network, resulting in major production accidents.

☉ illegally obtains accounts and passwords of games, online banking, file services and other systems, causing heavy losses to the interests of the victims.

Through the processing of validity check and rate limit of ARP packets, we can make up for the shortcomings of ARP protocol, prevent ARP protocol and network segment scanning based on ARP protocol, and ensure the security of network equipment and network communication.

* Type

ARP spoofing configuration ARP message validity check device checks the consistency of the source and destination MAC addresses in the etheric message header and the source and destination MAC addresses in the ARP message data area when the device receives the ARP message. If the source and destination MAC addresses in the etheric message header are inconsistent with the source and destination MAC addresses in the ARP message data area, the ARP message is discarded directly. Otherwise, the ARP message is allowed to pass. For the sake of security or management, users forbid the specified interface to learn the function of ARP items, which can effectively prevent the overflow of ARP items and ensure the security of ARP items. Configure ARP entry strict learning devices only learn the reply messages of ARP request messages sent by themselves, and do not learn the ARP request messages sent by other devices to the router, that is, they can reject most of the ARP request messages. Configuring ARP items to limit the total number of ARP items learned by the device based on the interface can effectively prevent the overflow of ARP items and ensure the security of ARP items. Configure the ARP message speed limit device to count the number of ARP messages. within a certain period of time, if the number of ARP messages exceeds the configured threshold, the excess ARP messages will be ignored, and the device will not do any processing to effectively prevent ARP items from overflowing.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.