+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
Chapter 23 ARP Scanning Prevention Function
Configuration
23.1 Introduction to ARP Scanning
Prevention Function
ARP scanning is a common method of network attack. In order to detect all the active hosts in
a network segment, the attack source will broadcast lots of ARP messages in the segment,
which will take up a large part of the bandwidth of the network. It might even do large-traffic-
attack in the network via fake ARP messages to collapse of the network by exhausting the
bandwidth. Usually ARP scanning is just a preface of other more dangerous attack methods,
such as automatic virus infection or the ensuing port scanning, vulnerability scanning aiming at
stealing information, distorted message attack, and DOS attack, etc.
Since ARP scanning threatens the security and stability of the network with great danger, so it
is very significant to prevent it. Switch provides a complete resolution to prevent ARP
scanning: if there is any host or port with ARP scanning features is found in the segment, the
switch will cut off the attack source to ensure the security of the network.
There are two methods to prevent ARP scanning: port-based and IP-based. The port-based
ARP scanning will count the number to ARP messages received from a port in a certain time
range, if the number is larger than a preset threshold, this port will be “down”. The IP-based
ARP scanning will count the number to ARP messages received from an IP in the segment in a
certain time range, if the number is larger than a preset threshold, any traffic from this IP will
be blocked, while the port related with this IP will not be “down”. These two methods can be
enabled simultaneously. After a port or an IP is disabled, users can recover its state via
automatic recovery function.
To improve the effect of the switch, users can configure trusted ports and IP, the ARP
messages from which will not be checked by the switch. Thus the load of the switch can be
effectively decreased.
23.2 ARP Scanning Prevention
Configuration Task Sequence
Enable the ARP Scanning Prevention function.
Configure the threshold of the port-based and IP-based ARP Scanning Prevention
Configure trusted ports
To Next Page
Loading...
Need help?
General
