COMODO - Anti-ARP spoofing attack - What is it?

Status
Not open for further replies.
aliali

aliali

Level 2
Thread author
Verified
Sep 7, 2016
77
484
67
38
IRAN
What is ARP SPOOFING?

ARP.PNG
 
  • Like
Reactions: ZeroDay, aragornnnn, ravi prakash saini and 4 others
  • Enable anti-ARP spoofing - A gratuitous Address Resolution Protocol (ARP) frame is an ARP Reply that is broadcast to all machines in a network and is not in response to any ARP Request. When an ARP Reply is broadcast, all hosts are required to update their local ARP caches, whether or not the ARP Reply was in response to an ARP Request they had issued. Gratuitous ARP frames are important as they update your machine's ARP cache whenever there is a change to another machine on the network (for example, if a network card is replaced in a machine on the network, then a gratuitous ARP frame informs your machine of this change and requests to update your ARP cache so that data can be correctly routed). However, while ARP calls might be relevant to an ever shifting office network comprising many machines that need to keep each other updated , it is of far less relevance to, say, a single computer in your home network. Enabling this setting helps to block such requests - protecting the ARP cache from potentially malicious updates (Default = Disabled).
Click to expand...

From here
Firewall Behavior Settings, PC Firewall, Firewall Protection | Internet Security v6.2
 
  • Like
Reactions: ZeroDay, aragornnnn, Deleted member 2913 and 5 others
If you are networked, I would leave it disabled, if you are not, enabled it, it does prevent data frames attacks, someone stopping and modifying your network.

o.O how the hell did I do that, been hanging out too much at MT and with Mr. Penguin, SHvFI, frogboy, and tim one.
 
  • Like
Reactions: ZeroDay, aragornnnn, ravi prakash saini and 6 others
ARP spoofing is technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead. credit to wikipedia

However, did your ever heard about netcut? It is free utility to deny wifi/Wlan access through ARP spoofing method. So basically, comodo will protect you from people who use netcut (or similar method) to dominate your router. :)
 
  • Like
Reactions: Solarlynx, aliali and ZeroDay
Status
Not open for further replies.

You may also like...