V
V
P
P
N
N
Q
Q
o
o
S
S
W
W
i
i
r
r
e
e
l
l
e
e
s
s
s
s
R
R
o
o
u
u
t
t
e
e
r
r
201
(
4
)
ARP Virus Attack Prevention
1.
ARP Issue and Information
Recently, many cyber cafes in China experienced disconnection (partially or totally) for a short period of
time, but connection is resumed quickly. This is caused by the clash with MAC address. When virus-contained
MAC mirrors to such NAT equipments as host devices, there is complete disconnection within the network. If
it mirrors to other devices of the network, only devices of this affected network have problems. This happens
mostly to legendary games especially those with private servers. Evidently, the network is attacked by ARP,
which aims to crack the encryption method. By doing so, they hackers may intercept the packet data and user
information through the analysis of the game's communication protocol. Through the spread of this virus, the
detailed information of the game players within the local network can be obtained. Their account and
information are stolen. The following describes how to prevent such virus attack.
First, let us get down to the definition of ARP (Address Resolution Protocol). In LAN, what is actually
transmitted is "frame", in which there is MAC address of the destination host device. So-
called “Address
Analysis” refers to the transferring process of the target IP address into the target MAC address before the
host sends out the frame. The basic function of ARP protocol aims to inquire the MAC address of the target
equipment via the IP address of the target equipment so as to facilitate the communications.
The Working Principle of ARP Protocol:
Computers with TCP/IP protocol have an ARP cache, in
which the IP address corresponds to the MAC address (as illustrated).
IP Address
MAC
192.168.1.1
00-0f-3d-83-74-28
192.168.1.2
00-aa-00-62-c5-03
192.168.1.3
03-aa-01-75-c3-06
……
……
For example, host A (192.168.1.5) transmits data to Host B (192.168.1.1) .Transmitting data, Host A
searches for the destination IP address from the ARP Cache. If it is located, MAC address is known. Simply fill
in the MAC address for transmission. If no corresponding IP address is found in ARP cache, Host A will send
a broadcast.
The MAC address is “FF.FF.FF.FF.FF.FF,” which is to inquire all the host devices in the same
network session about “What is the MAC address of “192.168.1.1"? Other host devices do not respond to the
ARP inquiry except host device B, which responds to host device
A when receiving this frame: “The MAC
Summary of Contents for VPN QoS
Page 53: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 52...
Page 57: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 56...
Page 78: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 77 8 2 Security Setting...
Page 88: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 87 9 1 Bandwidth Management...
Page 115: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 114 2 Add new rule click...
Page 123: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 122 11 3 L7 QoS 1 Rule List...
Page 125: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 124 2 Add New Rule Click...
Page 175: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 174...
Page 195: ...V VP PN N Q Qo oS S W Wi ir re el le es ss s R Ro ou ut te er r 194...