PLANET WGSW-52040 User Manual (page 239)


Chapter 27 ARP Scanning Prevention Function Configuration

27.1 Introduction to ARP Scanning Prevention Function

ARP scanning is a common method of network attack. In order to detect all the active hosts in a network segment, the attack source broadcasts a large number of ARP messages in the segment, which takes up a large part of the network's bandwidth. It may even launch a large-traffic attack on the network via fake ARP messages, collapsing the network by exhausting its bandwidth. Usually ARP scanning is just the prelude to other, more dangerous attack methods, such as automatic virus infection, subsequent port scanning, vulnerability scanning aimed at stealing information, malformed-message attacks, and DoS attacks.

Since ARP scanning seriously threatens the security and stability of the network, it is very important to prevent it. The switch provides a complete solution for preventing ARP scanning: if any host or port in the segment is found to show ARP scanning behaviour, the switch cuts off the attack source to ensure the security of the network.

There are two methods to prevent ARP scanning: port-based and IP-based. Port-based ARP scanning prevention counts the number of ARP messages received on a port within a certain time range; if the number is larger than a preset threshold, the port is shut down ("down"). IP-based ARP scanning prevention counts the number of ARP messages received from an IP address in the segment within a certain time range; if the number is larger than a preset threshold, all traffic from this IP address is blocked, while the port associated with this IP address is not shut down. These two methods can be enabled simultaneously. After a port or an IP address has been disabled, users can restore its state via the automatic recovery function.

To improve the efficiency of the switch, users can configure trusted ports and trusted IP addresses; ARP messages from these are not checked by the switch. This effectively reduces the load on the switch.
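As an added illustration (not code from the PLANET manual or the switch firmware), the following Python model replays a constructed ARP trace through the two counting methods described above, with trusted ports and IP addresses exempted from counting and an automatic recovery timer. The thresholds, time window, recovery time, port names and IP addresses are assumed values chosen for the demonstration, not the switch's defaults or its CLI syntax.

```python
"""Model of port-based and IP-based ARP scanning prevention (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpEvent:
    t: float        # arrival time in seconds (constructed sample data)
    port: str       # ingress port the ARP message arrived on
    src_ip: str     # sender IP address carried in the ARP message


class ArpScanGuard:
    """Hypothetical model of the two prevention methods described in the text.

    Each method counts ARP messages in a sliding time window; exceeding the
    threshold shuts the port (port-based) or blocks the IP address while the
    port stays up (IP-based). Automatic recovery re-enables them later.
    """

    def __init__(self, port_threshold, ip_threshold, window, recovery_time,
                 trusted_ports=(), trusted_ips=()):
        self.port_threshold = port_threshold   # 0 disables the port-based check
        self.ip_threshold = ip_threshold       # 0 disables the IP-based check
        self.window = window                   # counting interval in seconds
        self.recovery_time = recovery_time     # seconds until automatic recovery
        self.trusted_ports = set(trusted_ports)
        self.trusted_ips = set(trusted_ips)
        self._port_hits = defaultdict(deque)   # port -> arrival times in window
        self._ip_hits = defaultdict(deque)     # ip   -> arrival times in window
        self.ports_down = {}                   # port -> time it was shut down
        self.ips_blocked = {}                  # ip   -> time it was blocked

    def _recover(self, now):
        """Automatic recovery: re-enable ports/IPs whose penalty has elapsed."""
        for port, t0 in list(self.ports_down.items()):
            if now - t0 >= self.recovery_time:
                del self.ports_down[port]
                self._port_hits[port].clear()
        for ip, t0 in list(self.ips_blocked.items()):
            if now - t0 >= self.recovery_time:
                del self.ips_blocked[ip]
                self._ip_hits[ip].clear()

    def _count(self, hits, key, now):
        """Record one ARP message and return how many fell inside the window."""
        q = hits[key]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q)

    def observe(self, ev):
        """Process one ARP message and return the action the switch takes."""
        self._recover(ev.t)
        if ev.port in self.ports_down:          # port is shut: nothing arrives
            return "dropped:port-down"
        if ev.src_ip in self.ips_blocked:       # IP blocked, but port stays up
            return "dropped:ip-blocked"
        if ev.port in self.trusted_ports or ev.src_ip in self.trusted_ips:
            return "forward:trusted"            # trusted traffic is not counted
        actions = []
        if self.port_threshold and self._count(self._port_hits, ev.port, ev.t) > self.port_threshold:
            self.ports_down[ev.port] = ev.t
            actions.append("port-down")
        if self.ip_threshold and self._count(self._ip_hits, ev.src_ip, ev.t) > self.ip_threshold:
            self.ips_blocked[ev.src_ip] = ev.t
            actions.append("ip-blocked")
        return ",".join(actions) if actions else "forward"


def run_demo():
    """Replay a constructed ARP trace and return (actions, guard)."""
    guard = ArpScanGuard(port_threshold=5, ip_threshold=3, window=1.0,
                         recovery_time=10.0,
                         trusted_ports={"Ethernet1/0/1"},
                         trusted_ips={"192.168.1.1"})
    events = []
    # A: one host on port 1/0/7 sends 6 ARP messages within 0.5 s
    events += [ArpEvent(0.1 * i, "Ethernet1/0/7", "10.0.0.9") for i in range(6)]
    # B: port 1/0/8 sees 6 ARP messages in 0.5 s, each with a different sender IP
    events += [ArpEvent(2.0 + 0.1 * i, "Ethernet1/0/8", f"10.0.0.{21 + i}") for i in range(6)]
    # C: trusted host 192.168.1.1 sends 10 ARP messages on port 1/0/2
    events += [ArpEvent(3.0 + 0.1 * i, "Ethernet1/0/2", "192.168.1.1") for i in range(10)]
    # D: another host tries port 1/0/8 while it is still shut down
    events.append(ArpEvent(5.0, "Ethernet1/0/8", "10.0.0.30"))
    # E: after recovery_time both the port and the IP address are usable again
    events.append(ArpEvent(20.0, "Ethernet1/0/7", "10.0.0.9"))
    events.append(ArpEvent(20.1, "Ethernet1/0/8", "10.0.0.30"))
    actions = [guard.observe(ev) for ev in events]
    return actions, guard


if __name__ == "__main__":
    for action in run_demo()[0]:
        print(action)
```

Trace A is caught by the IP-based check first (4 messages from one IP exceed the threshold of 3), so only that IP is blocked and port 1/0/7 keeps forwarding other hosts. Trace B spreads the messages over six sender IPs, each below the IP threshold, so only the port-based count (6 > 5) detects it and the port is shut. The trusted host in trace C is never counted, and trace E shows both penalties lifted once the recovery time has elapsed.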

27-18
