Can you provide some more information please, such as why you believe ‘ARP’ may be responsible for blocking your Internet connection, describe what is being blocked and if you have any details of the blocks from the firewall/D+ log files.
Hi Radaghast and thanks for the reply.
As soon as I check one of them or both (“Protect the ARP Cache” and “Block Gratuitous ARP Frames”) internet stops working and starts to work again if I uncheck them.
I did check the logs but nothing blocked showed up. The only thing that showed up (not blocked) is the subnet mask when I enable ARP and that is on the firewall tab. Maybe the gateway is the culprit? MAC?
I use this config…“Block all incoming connections and make my ports stealth for everyone”. I’m not using CFW at the moment so that is all I can recall. (Stopped using CFW when ARP blocked my connection.)
I did some “research” and it seems that it’s a common problem with people advising others to just uncheck the ARP. Imho that’s not a solution.
The only thing I can think of is some incompatibility between the ARP protection features of CIS and something in your environment, the USB modem perhaps. As you probably know, ARP is a very simple protocol, whose function is to convert IP addresses to MAC addresses and to maintain a table of such translations.
As the protocol is broadcast based, the protection mechanisms in CIS are typically of little use to most ‘home’ users who are behind a router, simply because ARP attacks typically require physical access to the network, hence my previous question.
If you absolutely need some sort of ARP protection and CIS is causing you problems, you could use static entries, although that might be a little impractical in your situation but it may be worth a look. There’s a useful tool here. If you’re using XP you can also take a look at winarpwatch. There are others.
I don’t know for sure how the ARP cache protection feature works in CIS but I’m pretty confident the IP addresses of devices on the segment aren’t going to make any difference to whether ARP protection in CIS causes problems for you. As I said, ARP is really quite a simple protocol with very little to do apart from identify a MAC address from an IP address and then store that information in a table, which is consulted every time a connection is attempted to a remote device.
With typical ARP cache poisoning attacks, the attacker attempts to place an entry in the ARP cache of your PC, which redirects traffic through their workstation instead of sending it to the ‘real’ gateway. If you were to create and maintain, which on Windows is a bit of a pain, a static entry for the gateway, you should be able to circumvent this.
With regard to blocking gratuitous ARP requests, you might want to consider the reasons for not enabling this option before doing so. In fact there are numerous reasons why blocking these frames can actually be quite detrimental to network communication. However, that choice is yours.
The aforementioned aside, can you provide any additional information about the problems you’re experiencing, as the partial IP addresses of a few devices don’t tell us very much.
DHCPNACK messages are not all that uncommon and may be generated for a number of reasons. A typical scenario is where your client attempts to renew its current IP address with the DHCP server and for whatever reason the DHCP server denies the request. If these messages are occurring very frequently, I’d suggest speaking with your ISP, as it may indicate a problem with their DHCP service.
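Added example, not part of any post in this thread and not code from CIS or the tools mentioned: a small Python audit of the gateway's ARP entry, the thing a static entry is meant to pin down in the poisoning scenario described above. It assumes the text layout of Windows `arp -a` output; the addresses, the function names and both sample tables are constructed for illustration.

```python
import re

# One row of Windows `arp -a` output: IP address, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$")

def parse_arp_table(text):
    """Return {ip: (mac, entry_type)}; header and interface lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, mac, kind = m.groups()
            table[ip] = (mac.lower(), kind.lower())
    return table

def audit_gateway(table, gateway_ip, known_mac):
    """List findings about the gateway entry; an empty list means it is as expected."""
    entry = table.get(gateway_ip)
    if entry is None:
        return ["gateway has no ARP entry"]
    mac, kind = entry
    findings = []
    if mac != known_mac.lower():
        findings.append(f"gateway MAC is {mac}, expected {known_mac.lower()}")
    if kind != "static":
        findings.append("gateway entry is dynamic and can be overwritten by ARP replies")
    # Another unicast IP sharing the gateway's current MAC: one host answers for both.
    shared = sorted(ip for ip, (m, _) in table.items()
                    if ip != gateway_ip and m == mac and m != "ff-ff-ff-ff-ff-ff")
    if shared:
        findings.append("gateway MAC also claimed by " + ", ".join(shared))
    return findings

# Constructed samples: gateway pinned as static, then a cache where it was replaced.
CLEAN = """Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     static
  192.168.1.20          aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
POISONED = CLEAN.replace("00-11-22-33-44-55     static",
                         "aa-bb-cc-dd-ee-ff     dynamic")

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("poisoned", POISONED)):
        result = audit_gateway(parse_arp_table(sample), "192.168.1.1", "00-11-22-33-44-55")
        print(name, result or "ok")
```

The known-good MAC has to be recorded while the network is trusted, for example read from the router's label or its admin page.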