The help page describing the configuration for the Attack Detection Settings is missing a description of the ARP settings:
- Protect the ARP cache
- Block gratuitous ARP frames
“The ARP cache is a table which stores mappings between Data Link Layer addresses and Network Layer addresses. The Data Link Layer addresses are usually MAC addresses and the Network Layer addresses are most frequently IP addresses. The ARP cache is stored in RAM by the Operating System.”
“The Microsoft Windows ARP cache will occasionally become corrupt and need to be cleared. The first symptom you are likely to notice is that connections to web pages will time out and fail. If you troubleshoot further, you will notice that you can ping your IP address and also 127.0.0.1, but not other IP addresses.
To fix this error, you will need to clear the ARP cache. This is done with the netsh command: ‘netsh interface ip delete arpcache’.”
(From http://www.tech-faq.com)
Since the ARP cache can become corrupt (or have invalid entries), why would I want to protect it? It is a cache. It might speed up the session establishment between hosts but I would think that I’d rather lose it (by clearing it) rather than keep around possibly invalid entries. The same is true for the cache used by the DNS client service although its retention times are short enough not to encounter problems with invalid cached DNS rejections.
In fact, the ARP cache can be poisoned; see GRC | ARP Cache Poisoning. Rather than trying to protect it, I would think that I would rather want to have it cleared if the browser ever encountered a timeout error.