2.
Select the following:
•
Mode: Static
•
Interface: lan
3.
Enter the following:
•
IP Address: 192.168.10.15
•
MAC: 4b-86-f6-c5-a2-14
4.
Click OK
3.5.4. Using ARP Advanced Settings
This section presents some of the advanced settings related to ARP. In most cases, these settings
need not to be changed, but in some deployments, modifications might be needed. A summary of all
ARP advanced settings can be found in the next section.
Multicast and Broadcast
ARP requests and ARP replies containing multicast or broadcast addresses are usually never correct,
with the exception of certain load balancing and redundancy devices, which make use of hardware
layer multicast addresses.
The default behavior of NetDefendOS is to drop and log such ARP requests and ARP replies. This
can, however, be changed by modifying the advanced settings ARP Multicast and ARP Broadcast.
Unsolicited ARP Replies
It is possible for a host on a connected network to send an ARP reply to NetDefendOS even though
a corresponding ARP request was not issued. This is known as an unsolicited ARP reply.
According to the ARP specification, the recipient should accept these types of ARP replies.
However, because this could be a malicious attempt to hijack a connection, NetDefendOS will, by
default, drop and log unsolicited ARP replies.
This behavior can be changed by modifying the advanced setting Unsolicited ARP Replies.
ARP Requests
The ARP specification states that a host should update its ARP Cache with data from ARP requests
received from other hosts. However, as this procedure can facilitate hijacking of local connections,
NetDefendOS will normally not allow this.
To make the behavior compliant with the RFC 826 specification, the administrator can modify the
setting ARP Requests. Even if this is set to Drop (meaning that the packet is discarded without
being stored), NetDefendOS will reply to it provided that other rules approve the request.
Changes to the ARP Cache
A received ARP reply or ARP request can possibly alter an existing entry in the ARP cache.
Allowing this to take place may allow hijacking of local connections. However, not allowing this
may cause problems if, for example, a network adapter is replaced since NetDefendOS will not
accept the new address until the previous ARP cache entry has timed out.
3.5.4. Using ARP Advanced Settings
Chapter 3. Fundamentals
133
Содержание NetDefend DFL-1660
Страница 28: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 28 ...
Страница 88: ...2 6 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 88 ...
Страница 166: ...3 10 DNS Chapter 3 Fundamentals 166 ...
Страница 254: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 254 ...
Страница 268: ...5 4 IP Pools Chapter 5 DHCP Services 268 ...
Страница 368: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 368 ...
Страница 390: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 390 ...
Страница 414: ...8 3 Customizing Authentication HTML Pages Chapter 8 User Authentication 414 ...
Страница 490: ...9 8 6 Specific Symptoms Chapter 9 VPN 490 ...
Страница 528: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 528 ...
Страница 544: ...11 7 HA Advanced Settings Chapter 11 High Availability 544 ...
Страница 551: ...12 3 5 Limitations Chapter 12 ZoneDefense 551 ...
Страница 574: ...Default 512 13 9 Miscellaneous Settings Chapter 13 Advanced Settings 574 ...
Страница 575: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 575 ...