Arp protection in 3.0.10.228[Resolved]

jasper2408 · October 28, 2007, 4:15pm

I noticed that Arp protection was added to this beta and was curious as to exactly what it stops. Mind you I am not going to threaten to hold my breath until I get an answer, but, I am curious to find out what this feature protects me against.

I have been following Stem’s posts over at Wilder’s Forum about this subject as it is implemented in the Jetico firewall. From what I can tell he is looking for protection against someone trying to assign a fake MAC address to the Gateway address. Does the ARP protection implemented in version 3.0.10.228 stop this?

Since national ISP’s are starting to set multiple users up on the same LAN then ARP could become a problem.

He uses NetCut to test this but so far the download is not available from that site for me to test it.

Here is the post I am refering to:
For Stem,Wat0114,Diver(and others)-what firewall do you recommend me? | Wilders Security Forums Down near the bottom of the post.

jasper

ubuntu · October 28, 2007, 9:04pm

Jetico V2.0.0.37 Stateful ARP enabled to prevent ARP poisoning Stateful ARP rule now protects from ARP DoS attack. Low level protocol rule can check ARP opcode, source and destination IP addresses now. limits incoming ARP requests rate

I don’t think CFP beta has strong protection against ARP attack as Jetico v2 does.

I hope Egemen give more info/ruleset/configuration about anti ARP spoofing.

egemen · October 29, 2007, 2:36am

There has been a long discussion about this topic somewhere in the forum guys. https://forums.comodo.com/leak_testingattacksvulnerability_research/warning_this_firewall_does_not_protect_anyone_it_is_easy_to_bypass-t12265.0.html

Stateful ARP packet analysis is there in CFP in order to protect the arp cache.

jasper2408 · October 30, 2007, 3:47am

Thanks egemen, I went back to read the whole discussion and that is what I wanted to know.

jasper