Introduction to ARP Scanning Prevention Function – PLANET XGS3-24040 User Manual (Page 192)


Chapter 22 ARP Scanning Prevention Function Configuration

22.1 Introduction to ARP Scanning Prevention Function

ARP scanning is a common method of network attack. In order to detect all the active hosts in a network segment, the attack source broadcasts a large number of ARP messages in the segment, which takes up a large part of the network bandwidth. It may even mount a large-traffic attack with fake ARP messages and bring the network down by exhausting the bandwidth. Usually ARP scanning is only the preface to other, more dangerous attack methods, such as automatic virus infection, subsequent port scanning, vulnerability scanning aimed at stealing information, malformed message attacks, and DoS attacks.

Since ARP scanning seriously threatens the security and stability of the network, preventing it is very important. The XGS3 series switch provides a complete solution for preventing ARP scanning: if any host or port in the segment shows the characteristics of ARP scanning, the switch cuts off the attack source to ensure the security of the network.

There are two methods of preventing ARP scanning: port-based and IP-based. The port-based method counts the number of ARP messages received on a port within a certain time range; if the number is larger than a preset threshold, the port is put "down". The IP-based method counts the number of ARP messages received from an IP in the segment within a certain time range; if the number is larger than a preset threshold, all traffic from this IP is blocked, while the port associated with this IP is not put "down". The two methods can be enabled simultaneously. After a port or an IP has been disabled, its state can be recovered via the automatic recovery function.

To reduce the load on the switch, users can configure trusted ports and trusted IPs; ARP messages from these are not checked by the switch, which effectively decreases the switch's workload.
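The behaviour described above (per-port and per-IP counters within a time window, trusted exemptions, and automatic recovery) modelled in Python as an added illustration; this is not code from the manual or from the switch firmware, and the thresholds, interface names, IP addresses and timings in `demo()` are constructed sample values.

```python
from collections import defaultdict

class AntiArpScan:
    """Per-port and per-IP ARP counters within a sliding time window, with
    trusted exemptions and automatic recovery, as the manual describes."""

    def __init__(self, port_threshold, ip_threshold, window, recovery_time,
                 trusted_ports=(), trusted_ips=()):
        self.port_threshold, self.ip_threshold = port_threshold, ip_threshold
        self.window, self.recovery_time = window, recovery_time
        self.trusted_ports, self.trusted_ips = set(trusted_ports), set(trusted_ips)
        self.port_hits, self.ip_hits = defaultdict(list), defaultdict(list)
        self.down_ports, self.blocked_ips = {}, {}   # key -> time it was disabled

    def _recover(self, now):
        # Automatic recovery: lift a shutdown/block once recovery_time has elapsed.
        for table in (self.down_ports, self.blocked_ips):
            for key in [k for k, t in table.items() if now - t >= self.recovery_time]:
                del table[key]

    def _count(self, hits, key, now):
        # Keep only timestamps inside the window, add this one, return the count.
        hits[key] = [t for t in hits[key] if now - t < self.window] + [now]
        return len(hits[key])

    def arp_received(self, now, port, src_ip):
        """Decide what happens to one ARP message seen at time `now` (seconds)."""
        self._recover(now)
        if port in self.down_ports:
            return "port-down"          # port was shut down by the port-based check
        if src_ip in self.blocked_ips:
            return "ip-blocked"         # traffic from this IP is dropped, port stays up
        if port in self.trusted_ports or src_ip in self.trusted_ips:
            return "forward"            # trusted ports/IPs are not checked at all
        port_n = self._count(self.port_hits, port, now)
        ip_n = self._count(self.ip_hits, src_ip, now)
        if port_n > self.port_threshold:
            self.down_ports[port] = now
            return "port-down"
        if ip_n > self.ip_threshold:
            self.blocked_ips[src_ip] = now
            return "ip-blocked"
        return "forward"

def demo():
    # Constructed scenario: thresholds 5 per port and 3 per IP in a 10 s window, 60 s recovery.
    s = AntiArpScan(5, 3, window=10, recovery_time=60, trusted_ips={"192.168.1.1"})
    one_host = [s.arp_received(t, "Ethernet1/3", "192.168.1.50") for t in range(6)]
    many_ips = [s.arp_received(t, "Ethernet1/5", f"10.0.0.{i}") for i, t in enumerate(range(6))]
    return one_host, many_ips, s.arp_received(65, "Ethernet1/5", "10.0.0.9")
```

In `demo()` the single chatty host trips the IP-based check (its port stays up), the port receiving ARP from many addresses is put down by the port-based check, and both are lifted again after the recovery time.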

22.2 ARP Scanning Prevention Configuration Task Sequence

1. Enable the ARP Scanning Prevention function.

2. Configure the thresholds of the port-based and IP-based ARP Scanning Prevention.

3. Configure trusted ports.

4. Configure trusted IPs.

5. Configure the automatic recovery time.

6. Display debug information and ARP scanning related information.

1. Enable the ARP Scanning Prevention function.

Command                       Explanation
Global configuration mode
anti-arpscan enable           Enable or disable the ARP Scanning Prevention
no anti-arpscan enable        function globally.
