Anti-ARP spoofing

Hello,

I have a question about this option. I recently noticed that I’ve been getting blocked intrusions using the ARP protocol. Both the source and destination IP are the same every time, and I’ve read on the forum this is normal behavior and nothing to worry about. However, what I’d like to know is if there is any negative effect to blocking these requests (second PC sends one every hour or so)? Am I stopping my other devices from doing something important? I know this option is not very important for a home network, but if it has no negative impact on my network, I might as well leave it on. Better safe than sorry.

While I’m at it, I have a second question. I’ve been getting intrusions on port 0 (originating from the port 0 of another IP). I am now behind a router so I shouldn’t get any intrusions at all, so I found this a bit odd. After a bit of investigating, I found out it seems to be happening only when utorrent is running. Am I right in thinking these are simply “invalid” packets dropped by utorrent and nothing to worry about?

Thanks.

The below link, and the post below that, should answer your question.

https://forums.comodo.com/firewall-help-cis/arp-protocol-blocked-t104100.0.html;msg757334#msg757334

Thanks for replying.

I came across this thread during my research, which is how I concluded nothing bad was going on on my network. Perhaps I’m not really good at reading between the lines, but this doesn’t really tell me if blocking these ARP requests can cause issues on a LAN or not (like loss of connectivity, it seems like some people experienced this in the past). Blocking gratuitous ARP requests sounds harmless to me, but I am very far form being an expert.

Regarding my second question, I did a bit more research and it appears this is fragmented packets. If I understand how this works correctly, I guess the main packet is received by utorrent and the smaller one gets lost and blocked by Comodo. Doesn’t seem like an attack in any case.