beautypg.com

Arp settings, Arpmatchenetsender, Arpquerynosenderip – D-Link DFL-2500 User Manual

Page 312: Arpsenderip, Unsolicitedarpreplies, Arprequests, Arpchanges, Staticarpchanges

background image

13.4. ARP Settings

ARPMatchEnetSender

Determines if NetDefendOS will require the sender address at Ethernet level to comply with the
hardware address reported in the ARP data.

Default: DropLog

ARPQueryNoSenderIP

What to do with ARP queries that have a sender IP of 0.0.0.0. Such sender IPs are never valid in
responses, but network units that have not yet learned of their IP address sometimes ask ARP
questions with an "unspecified" sender IP.

Default: DropLog

ARPSenderIP

Determines if the IP sender address must comply with the rules in the Access section.

Default: Validate

UnsolicitedARPReplies

Determines how NetDefendOS will handle ARP replies that it has not asked for. According to the
ARP specification, the recipient should accept these. However, because this can facilitate hijacking
of local connections, it is not normally allowed.

Default: DropLog

ARPRequests

Determines if NetDefendOS will automatically add the data in ARP requests to its ARP table. The
ARP specification states that this should be done, but as this procedure can facilitate hijacking of
local connections, it is not normally allowed. Even if ARPRequests is set to "Drop", meaning that
the packet is discarded without being stored, NetDefendOS will, provided that other rules approve
the request, reply to it.

Default: Drop

ARPChanges

Determines how NetDefendOS will deal with situations where a received ARP reply or ARP request
would alter an existing item in the ARP table. Allowing this to take place may facilitate hijacking of
local connections. However, not allowing this may cause problems if, for example, a network
adapter is replaced, as NetDefendOS will not accept the new address until the previous ARP table
entry has timed out.

Default: AcceptLog

StaticARPChanges

Determines how NetDefendOS will handle situations where a received ARP reply or ARP request
would alter a static item in the ARP table. Of course, this is never allowed to happen. However, this
setting does allow you to specify whether or not such situations are to be logged.

Default: DropLog

13.4. ARP Settings

Chapter 13. Advanced Settings

312