Main functions of ARP firewall
1. Block external ARP attacks. Intercepts false ARP packets received at the system kernel layer to ensure the correctness of the local ARP cache table.
2. Block external ARP attacks. Intercept external ARP attack packets from the machine at the system kernel layer to prevent the machine from becoming the source of attacks after being infected with ARP viruses.
3. Block IP conflicts. Intercept the received IP conflict data packets at the system kernel layer to prevent the machine from being disconnected due to IP conflicts.
4. Active defense. Actively notify the correct MAC address of the machine to the gateway to ensure that the gateway is not affected by ARP spoofing.
ARP firewall auxiliary functions are designed around the main functions, in order to make the main functional modules work better.
ARP firewallThe main auxiliary functions are:
1. Intelligent defense. In the event that only the gateway is subject to ARP spoofing, the intelligent defense function can detect and react.
2. Trusted routing monitoring. In the case where only the gateway is ARP spoofed, the trusted route monitoring function can detect and react.
3. Specially designed to kill ARP virus. When it is discovered that there is an external attack on this machine, it will automatically locate the malicious program infected by this machine.
4. Dos attack suppression. Intercept the local TCP SYN/UDP/ICMP/ARP DoS attack packets at the system kernel layer and locate malicious programs.
5. Safe mode. Except for the gateway, it does not respond to ARP requests sent by other machines to achieve a stealth effect and reduce the chance of being attacked by ARP.
6. ARP traffic analysis. Analyze all ARP packets received by this machine, grasp network dynamics, and find potential attackers or poisoned machines.
7. Monitor ARP cache. Automatically monitor the local ARP cache table. If it is found that the gateway MAC address has been tampered with by a malicious program, it will alarm and automatically repair it.
8. Locate the source of the attack. After discovering that the machine has been ARP spoofed, it automatically and quickly locates the attacker's IP address.
9. System time protection. Prevent malicious programs from modifying the system time, causing some security protection software to fail.
10. IE homepage protection. Prevent the IE homepage from being tampered with by malicious programs.
11. ARP cache protection. Prevent malicious programs from tampering with the local ARP cache.
12. Self-process protection. Prevent ARP firewall from being terminated by malware.
13. Detect the network management software in the LAN. It can detect network management software running in the LAN, such as Network Law Enforcement Officer, Jusheng Network Management, P2P Terminator, etc.
Useful
Useful
Useful