Configuration procedure, 3 configuration procedure – TP-Link Omada ER8411 VPN Router User Manual

Page 127

Advertising
background image

User Guide 118

Configuring Firewall

Configuration Examples

The attacker pretends to be legal terminal hosts and sends fake ARP packets to the router,

cheating the router into recording wrong ARP maps of the hosts. As a result, packets from

the gateway cannot be correctly sent to the hosts. To protect the router from this kind of

attack, you can configure Anti ARP Spoofing on the router.

Imitating Gateway and Cheating Hosts

These two attacks are aimed at the terminal hosts.
Imitating Gateway means that the attacker imitates the gateway and sends fake ARP

packets to the hosts. As a result, the hosts record wrong ARP map of the gateway and

cannot send packets to the router correctly.
Cheating Hosts means that the attacker pretends to be a legal host and sends fake ARP

packets to other hosts. As a result, the cheated hosts record an incorrect ARP map of the

legal host and cannot send packets to legal host correctly.
To protect the hosts from the attacks above, it is recommend to take both of the

precautions below.

» Configure the firewall feature on the hosts.

» Configure the router to send GARP packets to the hosts when the router detects ARP

attacks. The GARP packets will inform the hosts of the correct ARP maps, and the

wrong ARP maps in the hosts will be replaced by the correct ones.

In conclusion, to protect the network from ARP attacks, we should make sure both the

router and the hosts are configured with the relevant ARP defense features. Here we

introduce how to configure Anti ARP Spoofing on the router. There are mainly three steps:
1) Get the IP and MAC addresses of the legal hosts and bind them to the IP-MAC Binding

list.

2) Enable Anti ARP Spoofing.
3) Configure the router to send GARP packets when ARP attacks are detected.

3.1.3 Configuration Procedure

Follow the steps below to configure Anti ARP Spoofing on the router:
1) Choose the menu

Firewall > Anti ARP Spoofing > IP-MAC Binding

to load the following

page. In the

IP-MAC Binding List

section, click

Add

.

Advertising
See also other documents in the category TP-Link Routers: