3com S7906E Instrução De Instalação

 

1-1 

When configuring ARP attack Protection, go to these sections for information you are interested in: 

z 

z 

z 

Configuring Source MAC Address Based ARP Attack Detection 

z 

z 

Configuring ARP Detection 

Although ARP is easy to implement, it provides no security mechanism and thus is prone to network 

attacks. An attacker can send 

z 

ARP packets by acting as a trusted user or gateway. As a result, the receiving device obtains 

incorrect ARP entries, and thus a communication failure occurs. 

z 

A large number of IP packets with unreachable destinations. As a result, the receiving device 

continuously resolves destination IP addresses and thus its CPU is overloaded. 

z 

A large number of ARP packets to bring a great impact to the CPU. 

For details about ARP attack features and types, refer to ARP Attack Protection Technology White 

Paper. 

Currently, ARP attacks and viruses are threatening LAN security. The device can provide multiple 

features to detect and prevent such attacks. This chapter mainly introduces these features. 

Complete the following tasks to configure ARP attack Protection: 

Optional 

Configure this function on gateways (recommended).

Flood prevention

 

Enabling ARP Black 
Hole Routing 

Optional 

Configure this function on gateways (recommended).

Configuring ARP Active Acknowledgement 

Optional 

Configure this function on gateways (recommended).

Configuring Source MAC Address Based 
ARP Attack Detection 

Optional 

Configure this function on gateways (recommended).

Configuring ARP Packet Rate Limit 

Optional 

Configure this function on gateways (recommended).

Optional 

Configure this function on gateways and access 
devices (recommended).