* Home Help Search Login Register  

Welcome, Guest. Please login or register.
Did you miss your activation email?
May 20, 2013, 11:04:52 AM

Login with username, password and session length

663245 Posts
70512 Topics
145174 Members
Latest Member: BERNARDBERNS

more news...
Search:     Advanced search | Tag Cloud
+  Welcome to the Comodo Forum
|-+  Archived Boards
| |-+  Discontinued Products
| | |-+  Comodo Firewall
| | | |-+  CFP BETA Corner
| | | | |-+  Arp protection in 3.0.10.228[Resolved]		 « previous next »
Pages: [1] Go Down Print
Author Topic: Arp protection in 3.0.10.228[Resolved]  (Read 2333 times)
jasper2408
Comodo's Hero
*****
Offline Offline

Posts: 651
« on: October 28, 2007, 11:15:45 AM »
I noticed that Arp protection was added to this beta and was curious as to exactly what it stops. Mind you I am not going to threaten to hold my breath until I get an answer, but, I am curious to find out what this feature protects me against.

I have been following Stem's posts over at Wilder's Forum about this subject as it is implemented in the Jetico firewall. From what I can tell he is looking for protection against someone trying to assign a fake MAC address to the Gateway address. Does the ARP protection implemented in version 3.0.10.228 stop this?

Since national ISP's are starting to set multiple users up on the same LAN then ARP could become a problem.

He uses NetCut to test this but so far the download is not available from that site for me to test it.


Here is the post I am refering to:
http://www.wilderssecurity.com/showthread.php?t=189228   Down near the bottom of the post.


jasper
« Last Edit: November 18, 2007, 12:05:20 PM by Melih » Logged
CFP 3.0.22.327beta  CMF   Avast Pro  SAS Pro Sandboxie Win XP PRO SP2 (x32)
ubuntu
Comodo Member
**
Offline Offline

Posts: 45
« Reply #1 on: October 28, 2007, 04:04:38 PM »
Quote
Jetico V2.0.0.37
Stateful ARP enabled to prevent ARP poisoning
Stateful ARP rule now protects from ARP DoS attack.
Low level protocol rule can check ARP opcode, source and destination IP addresses now.
limits incoming ARP requests rate


I don't think CFP beta has strong protection against ARP attack as Jetico v2 does.

I hope Egemen give more info/ruleset/configuration about anti ARP spoofing.

http://www.wilderssecurity.com/showthread.php?t=188952
Logged
Whereof one cannot speak  thereof one must be silent
Comodo Firewall - The Hackers' Choice
egemen
Comodo Staff
Comodo's Hero
*****
Offline Offline

Posts: 3269
« Reply #2 on: October 28, 2007, 09:36:39 PM »
There has been a long discussion about this topic somewhere in the forum guys.  http://forums.comodo.com/leak_testingattacksvulnerability_research/warning_this_firewall_does_not_protect_anyone_it_is_easy_to_bypass-t12265.0.html

Stateful ARP packet analysis is there in CFP in order to protect the arp cache.

Logged
jasper2408
Comodo's Hero
*****
Offline Offline

Posts: 651
« Reply #3 on: October 29, 2007, 10:47:57 PM »
Quote from: egemen on October 28, 2007, 09:36:39 PM
There has been a long discussion about this topic somewhere in the forum guys.  http://forums.comodo.com/leak_testingattacksvulnerability_research/warning_this_firewall_does_not_protect_anyone_it_is_easy_to_bypass-t12265.0.html

Stateful ARP packet analysis is there in CFP in order to protect the arp cache.



Thanks egemen, I went back to read the whole discussion and that is what I wanted to know.


jasper
« Last Edit: October 29, 2007, 10:51:51 PM by jasper2408 » Logged
CFP 3.0.22.327beta  CMF   Avast Pro  SAS Pro Sandboxie Win XP PRO SP2 (x32)
Tags:
Pages: [1] Go Up Print 
« previous next »
Jump to:  

SSL Certificate Free Virus Removal Firewall
Page created in 0.065 seconds with 22 queries.
Powered by SMF 1.1.18 | SMF © 2006, Simple Machines Design by 7dana.com