Arp blocks my internet connection.

Arp blocks my internet connection.
How do i configure Comodo fw so that arp would work?
Im using a mobilebroadband dongle (dynamic IP).
Please help, thanks.




dhcp server

dnsservers yyy.yy.yyy.yyy

Can you provide some more information please, such why you believe ‘ARP’ may be responsibly for blocking your Internet connection, describe what is being blocked and if you have any details of the blocks from the firewall/D+ log files.

Hi Radaghast and thanks for the reply.
As soon as i check one of them or both (“Protect the ARP Cache” and “Block Gratuitous ARP Frames”) internet stops working and starts to work again if i uncheck them.
I did check the logs but nothing blocked showed up. The only thing that showed up (not blocked)are the subnetmask when i enable arp and that is on the firewalltab. Maybe the gateway are the culprit? MAC?

I use this config…“Block all incoming connections and make my ports stealth for everyone”. Im not using CFW at the moment so that is all i can recall. (stopped using CFW when arp blocked my connection.)
I did some “research” and it seems that its a common problem with people advising others to just uncheck the arp. Imho that’s not a solution.

Are you behind a router, if so, what kind of connection are you using, wired or wifi? If wifi, is it an open network?

Im only using a 3g mobile broadband dongle (dynamic IP). No router.

The only thing I can think of is some incomparability between the ARP protection features of CIS and something in your environment, the USB modem perhaps. As you probably know, ARP is a very simple protocol, whose function is to convert IP addresses to MAC addresses and to maintain a table of such translations.

As the protocol is broadcast based, the protection mechanisms in CIS are typically of little use to most ‘home’ users who are behind a router, simply because ARP attacks typically require physical access to the network, hence my previous question.

If you absolutely need some sort of ARP protection and CIS is causing you problems, you could use static entries, although that might be a little impractical in your situation but it may be worth a look. There’s a useful tool here. If you’re using XP you can also take a look at winarpwatch. There are others.

Thank you for your reply Radaghast, i appreciate you taking the time to help others out.
I still want arp (Comodo) to work properly :slight_smile:

These addresses below are similar except for the last digit, could that be the reason?

dhcp server

Surely this must be a common “problem” for 3g mobilebroadband users?

I don’t know for sure how the ARP cache protection feature works in CIS but I’m pretty confident the IP addresses of devices on the segment aren’t going to make any difference to whether ARP protection in CIS causes problems for you. As I said, ARP is really quite a simple protocol with very little to do apart from identify a MAC address from an IP address and then store that information in a table, which is consulted every time a connection is attempted to a remote device.

With typical ARP cache poisoning attacks, the attacker attempts to place an entry in the ARP cache of your PC, which redirects traffic through their workstation instead of sending it to the ‘real’ gateway. If you were to create and maintain, which on windows is a bit of a pain, a static entry for the gateway, you should be able to circumvent this.

With regard to blocking gratuitous arp requests, you might want to consider the reasons for not enabling this option before doing so. In fact there are numerous reasons why blocking these frames can actually be quite detrimental to network communication. However, that choice is yours.

The aforementioned aside, can you provide any additional information about the problems you’re experiencing, as the partial IP addresses of a few devices doesn’t tell us very much.

Hi Radaghast
sorry to bother you again…

Installed CFW in order to provide more info.
Nothing blocked shows up in the C log.

Windows event viewer:

The IP address lease for the Network Card with network address yyyyyyyyy has been denied by the DHCP server (The DHCP Server sent a DHCPNACK message).

DHCPNACK messages are not all that uncommon and may be generated for a number of reasons. A typical scenario is where your client attempts to renew it’s current IP address with the DHCP server and for whatever the DHCP server denies the request. If these messages are occurring very frequently, I’d suggest speaking with your ISP, as it may indicate a problem with their DHCP service.

Hi Radaghast
My bad, i didnt clarify…
I get those messages only when i enable ARP in Comodo.

I don’t really see how the two can be related, they’re quite different processes. Also, ARP won’t be involved in the decision to reject an IP address lease or renewal.

Best I can suggest, if you believe there’s a problem with the ARP protection feature, is to post a Bug Report, with all the details you can. Just use the template