![background image](http://html.mh-extra.com/html/tp-link/safestream-tl-r600vpn/safestream-tl-r600vpn_configuration-manual_1144817108.webp)
Configuration Guide
100
Configuring Firewall
Configuration Examples
The attacker pretends to be legal terminal hosts and sends fake ARP packets to the router,
cheating the router into recording wrong ARP maps of the hosts. As a result, packets from the
gateway cannot be correctly sent to the hosts. To protect the router from this kind of attack,
you can configure Anti ARP Spoofing on the router.
Imitating Gateway and Cheating Hosts
These two attacks are aimed at the terminal hosts.
Imitating Gateway means that the attacker imitates the gateway and sends fake ARP packets
to the hosts. As a result, the hosts record wrong ARP map of the gateway and cannot send
packets to the router correctly.
Cheating Hosts means that the attacker pretends to be a legal host and sends fake ARP
packets to other hosts. As a result, the cheated hosts record an incorrect ARP map of the legal
host and cannot send packets to legal host correctly.
To protect the hosts from the attacks above, it is recommend to take both of the precautions
below.
»
Configure the firewall feature on the hosts.
»
Configure the router to send GARP packets to the hosts when the router detects ARP
attacks. The GARP packets will inform the hosts of the correct ARP maps, and the wrong
ARP maps in the hosts will be replaced by the correct ones.
In conclusion, to protect the network from ARP attacks, we should make sure both the router
and the hosts are configured with the relevant ARP defense features. Here we introduce how to
configure Anti ARP Spoofing on the router. There are mainly three steps:
1) Get the IP and MAC addresses of the legal hosts and bind them to the IP-MAC Binding list.
2) Enable Anti ARP Spoofing.
3) Configure the router to send GARP packets when ARP attacks are detected.
3.1.3 Configuration Procedure
Follow the steps below to configure Anti ARP Spoofing on the router:
1) Choose the menu
Firewall > Anti ARP Spoofing > IP-MAC Binding
to load the following
page. In the
IP-MAC Binding List
section, click
Add
.