Configuring ARP Spoofing Protection

Policy Enforcement > ARP Spoofing Prevention

Network VirusWall Enforcer prevents Address Resolution Protocol (ARP) spoofing by broadcasting legitimate ARP information associated with your critical nodes. Network VirusWall Enforcer also monitors endpoints for ARP spoofing malware.

Malware Monitoring Settings

To detect and terminate ARP spoofing malware on endpoints, Network VirusWall Enforcer monitors applications for outgoing ARP traffic. If an application is found to be sending more than 100 ARP packets per second, Network VirusWall Enforcer considers the application ARP spoofing malware and can terminate the application.

To enable and configure malware monitoring:

  1. Click Policy Enforcement > ARP Spoofing Prevention.

  2. Under Malware Monitoring Settings, select Monitor for suspicious ARP traffic from endpoints. With this option selected, Network VirusWall Enforcer automatically monitors endpoints for ARP traffic.

  3. To terminate endpoint applications exhibiting ARP spoofing behavior, select Stop endpoint processes that send suspicious ARP traffic.

  4. Click Save.

Spoofing Prevention Settings

By broadcasting legitimate ARP information, Network VirusWall Enforcer allows endpoints to correct spoofed ARP information from malware or other sources.

To enable and configure ARP spoofing prevention:

  1. Click Policy Enforcement > ARP Spoofing Prevention.

  2. Under Spoofing Prevention Settings, select Enable ARP spoofing prevention.

  3. Specify the IP and MAC addresses of your critical nodes to help ensure that traffic to these nodes is not affected by ARP spoofing. To do this:

     a. Type a valid IP address.

        Note: ARP spoofing prevention only supports IPv4 addresses.

     b. Type a valid MAC address.

     c. Use the comment field to provide additional information about the node you are adding.

     d. Click Add to.

  4. Click Save.
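
The two checks described on this page (the 100 ARP packets per second threshold under Malware Monitoring Settings, and the IP/MAC bindings entered for critical nodes under Spoofing Prevention Settings) can be illustrated with a short script. This is an added example, not Network VirusWall Enforcer code: it groups traffic by sender MAC instead of by endpoint process, and the event format, function names and sample addresses are assumptions constructed for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque

ARP_RATE_LIMIT = 100  # packets per second, the threshold stated on this page
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def normalize_binding(ip, mac):
    """Validate one critical-node entry; IPv4 only, as the page notes."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError(f"{ip}: only IPv4 addresses are supported")
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"{mac}: not a valid MAC address")
    return str(addr), mac


def analyze(events, critical_nodes):
    """events: iterable of (timestamp_s, sender_mac, claimed_ip), time-ordered.
    Returns (rate_offenders, binding_conflicts)."""
    bindings = dict(normalize_binding(ip, mac) for ip, mac in critical_nodes)
    windows = defaultdict(deque)   # sender MAC -> timestamps in the last second
    offenders, conflicts = set(), []
    for ts, sender_mac, claimed_ip in events:
        sender_mac = sender_mac.lower()
        win = windows[sender_mac]
        win.append(ts)
        while ts - win[0] >= 1.0:   # slide the one-second window
            win.popleft()
        if len(win) > ARP_RATE_LIMIT:
            offenders.add(sender_mac)
        expected = bindings.get(claimed_ip)
        if expected is not None and expected != sender_mac:
            conflicts.append((ts, claimed_ip, sender_mac, expected))
    return offenders, conflicts


# Constructed sample data (documentation address ranges, made-up MACs).
CRITICAL = [("192.0.2.1", "00-00-5E-00-53-01")]
NOISY, QUIET = "00:00:5e:00:53:aa", "00:00:5e:00:53:bb"
SAMPLE = [(i / 150.0, NOISY, "192.0.2.1") for i in range(150)]   # 150 pkt/s
SAMPLE += [(2.0 + i, QUIET, "192.0.2.77") for i in range(5)]     # 1 pkt/s

if __name__ == "__main__":
    offenders, conflicts = analyze(SAMPLE, CRITICAL)
    print("over rate limit:", sorted(offenders))
    print("spoofed bindings for critical nodes:", len(conflicts))
```

A sender that stays at or below 100 ARP packets in any one-second window is not flagged, and a binding conflict is only reported for IP addresses that appear in the critical-node list.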

See also:

About ARP Spoofing

About IP Addresses

About MAC Address