What Attack Detection Settings with Router are Required?

I am behind a router.
What attack detection settings would increase security and which ones are unnecessary?
ARP Cache
Gratuitous ARP Frames
Block Fragmented IP Datagrams
Protocol Analysis
Monitor other NDIS Protocols


You’ll want to protect the ARP cache for sure. Gratuitous ARP frames is up to you:

“Block gratuitous ARP frames
A gratuitous ARP frame is an ARP Reply that is broadcast to all machines in a network and is not in response to any ARP Request. When an ARP Reply is broadcast, all hosts are required to update their local ARP caches, whether or not the ARP Reply was in response to an ARP Request they had issued. Gratuitous ARP frames are important as they update your machine’s ARP cache whenever there is a change to another machine on the network (for example, if a network card is replaced in a machine on the network, then a gratuitous ARP frame will inform your machine of this change and request to update your ARP cache so that data can be correctly routed). Enabling this setting you will block such requests - protecting the ARP cache from potentially malicious updates.”

Attack detection settings just add another layer of security. I have all the miscellaneous items checked. It’s personal preference.

Being behind a router, your LAN is going to be mostly textbook structured packets. The fragmented datagrams, protocol analysis, and checksum stuff catch the non-textbook atypical stuff.

ARP checks make sense only on a LAN, as these are checks on the underlying LAN protocol that IP packets are built on.

Other NDIS protocols is a protection on your machine, in case something tries to install a parallel networking stack that CFP isn’t a part of. Like IPX or raw NetBIOS or some such. Or potentially a stealth TCP/IP stack.

Checking all the boxes shouldn’t cause any loading on your machine, and provides quite a bit of coverage outside the normal networking environment.
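
The ARP cache protection and gratuitous-ARP blocking discussed in this thread can be modelled as follows. This is an added example, not part of the original posts and not the firewall's own code; `ArpCacheGuard`, the verdict strings and all addresses are hypothetical, and the sample frames are constructed.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload, 28 bytes

def parse_arp(payload):
    """Return (opcode, sender MAC, sender IP, target IP) from an ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

class ArpCacheGuard:
    """Hypothetical model: only replies to our own requests may update the cache."""
    def __init__(self, my_ip):
        self.my_ip, self.cache, self.pending = my_ip, {}, set()
    def observe(self, payload):
        op, mac, spa, tpa = parse_arp(payload)
        if op == ARP_REQUEST:
            if spa == self.my_ip:
                self.pending.add(tpa)      # remember whom we asked about
            return "request"
        if op != ARP_REPLY:
            return "ignored"
        if spa in self.pending:            # solicited reply: update the cache
            self.pending.discard(spa)
            self.cache[spa] = mac
            return "accepted"
        if self.cache.get(spa, mac) != mac:
            return "blocked-change"        # unsolicited and rewrites a known mapping
        return "blocked-unsolicited"

def build_arp(op, sha, spa, tpa):  # constructed sample payloads for the demo
    return struct.pack(FMT, 1, 0x0800, 6, 4, op, bytes.fromhex(sha.replace(":", "")),
                       socket.inet_aton(spa), bytes(6), socket.inet_aton(tpa))

def demo():
    me, gw, other = "192.168.1.10", "192.168.1.1", "192.168.1.22"  # constructed
    guard = ArpCacheGuard(me)
    frames = [
        build_arp(ARP_REQUEST, "aa:aa:aa:aa:aa:10", me, gw),
        build_arp(ARP_REPLY, "aa:aa:aa:aa:aa:01", gw, me),
        build_arp(ARP_REPLY, "02:00:00:00:00:99", gw, gw),       # gratuitous, new MAC
        build_arp(ARP_REPLY, "aa:aa:aa:aa:aa:22", other, other), # gratuitous, unknown host
    ]
    return [guard.observe(f) for f in frames], guard.cache
```

A legitimate change such as the replaced network card in the quoted help text would also come back as `blocked-change` in this model until the host issues a fresh request, which is the trade-off behind leaving the gratuitous ARP option to preference.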