An ARP object has the following properties:
Mode
The type of ARP object. As explained above, this can be one of:
• Static - Create a fixed mapping in the local ARP cache.
• Publish - Publish an IP address on a particular MAC address (or this
interface).
• XPublish - Publish an IP address on a particular MAC address and "lie"
about the sending MAC address of the Ethernet frame containing the ARP
response.
Interface
The local physical Ethernet interface for the ARP object.
IP Address
The IP address for the MAC/IP mapping.
MAC Address
The MAC address for the MAC/IP mapping. If it is omitted, the MAC address of
the Ethernet interface is used.
The three mode options for ARP objects, Static, Publish and XPublish, are further
explained next.
Static Mode ARP Objects
A Static ARP object inserts a mapping into the NetDefendOS ARP cache which connects a
specified IP address with the associated Ethernet interface's MAC address.
This mode is not for publishing the address for external devices but rather for telling NetDefendOS
itself how to reach external devices. A static ARP entry tells NetDefendOS that a specific IP address
can be reached through a specific interface using a specific MAC address. This means that when
NetDefendOS wants to communicate with the address, it consults the ARP table static entries and
can determine that it can be reached at a specific MAC address on a specific interface.
The most frequent use of static ARP objects is in situations where some external network device is
not responding to ARP requests correctly and is reporting an incorrect MAC address. Some network
devices, such as wireless modems, can have these problems.
It may also be used to lock an IP address to a specific MAC address for increasing security or to
avoid denial-of-service if there are rogue users in a network. However, such protection only applies
to packets being sent to that IP address. It does not apply to packets being sent from that IP address.
Publish and XPublish Modes
With Publish and XPublish modes, the ARP object creates an association between an IP address and
a MAC address for publishing on the interface to external devices.
If the MAC address is not specified, the MAC address of the associated Ethernet interface is used.
The Difference Between Publish and XPublish Modes
To understand the difference between Publish and XPublish it is necessary to understand that when
NetDefendOS responds to an ARP query, there are two MAC addresses in the Ethernet frame sent
back with the ARP response:
1. The MAC address in the Ethernet frame of the Ethernet interface sending the response.
2. The MAC address in the ARP response which is contained within this frame. This is usually
the same as (1) the source MAC address in the Ethernet frame but does not have to be.
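The two MAC addresses listed above can be read out of a captured ARP response and compared. The following is an added example, not part of the NetDefendOS documentation; the function names and the sample frames (locally administered MACs, documentation-range IP addresses) are constructed for illustration, and untagged Ethernet II frames are assumed.

```python
import struct

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_arp_frame(frame: bytes) -> dict:
    """Parse an untagged Ethernet II frame carrying IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet header + ARP packet")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {
        "eth_src": mac(eth_src),      # (1) source MAC of the Ethernet frame
        "arp_mac": mac(sha),          # (2) sender MAC inside the ARP packet
        "arp_ip": ".".join(str(x) for x in spa),
        "is_reply": oper == 2,
    }

def macs_differ(frame: bytes) -> bool:
    """True when the frame's source MAC is not the MAC the ARP reply announces."""
    f = parse_arp_frame(frame)
    return f["is_reply"] and f["eth_src"] != f["arp_mac"]

def build_reply(eth_src, sha, spa, dst, tpa) -> bytes:
    """Constructed sample input: an ARP reply (opcode 2) sent to dst."""
    return (struct.pack("!6s6sH", dst, eth_src, 0x0806) +
            struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 2, sha, spa, dst, tpa))

# Constructed sample values (locally administered MACs, documentation IPs).
IFACE_MAC = bytes.fromhex("020000000001")
OTHER_MAC = bytes.fromhex("0200000000aa")
ASKER_MAC = bytes.fromhex("020000000002")
IP, ASKER_IP = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])

SAME = build_reply(IFACE_MAC, IFACE_MAC, IP, ASKER_MAC, ASKER_IP)
DIFF = build_reply(IFACE_MAC, OTHER_MAC, IP, ASKER_MAC, ASKER_IP)

if __name__ == "__main__":
    for name, frame in (("same", SAME), ("diff", DIFF)):
        print(name, parse_arp_frame(frame), "differ:", macs_differ(frame))
```

Devices that inspect ARP traffic may apply a comparison of this kind, which is why a mismatch between the two addresses can matter in practice.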
3.5.3. ARP Publish Chapter 3. Fundamentals