D-Link NetDefendOS User Manual page 227

Network security firewall
Chapter 3: Fundamentals
This behavior can be changed by modifying the advanced setting Unsolicited ARP Replies.
ARP Requests
The ARP specification states that a host should update its ARP Cache with data from ARP
requests received from other hosts. However, as this procedure can facilitate hijacking of local
connections, NetDefendOS will normally not allow this.
To make the behavior compliant with the RFC 826 specification, the administrator can modify
the setting ARP Requests. Even if this is set to Drop (meaning that the packet is discarded
without being stored), NetDefendOS will reply to it provided that other rules approve the
request.
Changes to the ARP Cache
A received ARP reply or ARP request can possibly alter an existing entry in the ARP cache.
Allowing this to take place may allow hijacking of local connections. However, not allowing this
may cause problems if, for example, a network adapter is replaced since NetDefendOS will not
accept the new address until the previous ARP cache entry has timed out.
The advanced setting Static ARP Changes can modify this behavior. The default behavior is that
NetDefendOS will allow changes to take place, but all such changes will be logged.
A similar issue occurs when information in ARP replies or ARP requests could collide with static
entries in the ARP cache. This should not be allowed to happen; changing the setting Static
ARP Changes lets the administrator specify whether or not such situations are logged.
Sender IP 0.0.0.0
NetDefendOS can be configured to handle ARP queries that have a sender IP of 0.0.0.0. Such
sender IPs are never valid as responses, but network units that have not yet learned their IP
address sometimes ask ARP questions with an "unspecified" sender IP. Normally, these ARP
replies are dropped and logged, but the behavior can be changed by modifying the setting ARP
Query No Sender.
Matching Ethernet Addresses
By default, NetDefendOS will require that the sender address at Ethernet level should comply
with the Ethernet address reported in the ARP data. If this is not the case, the reply will be
dropped and logged. The behavior can be changed by modifying the setting ARP Match
Ethernet Sender.
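The checks described on this page (Unsolicited ARP Replies, ARP Requests, Static ARP Changes, ARP Query No Sender and ARP Match Ethernet Sender) can be modelled as a small ARP frame parser plus a cache monitor that applies them in order and logs every decision. The following is an added example written for this page, not NetDefendOS code: the setting names follow the manual, but the value names other than "Drop" ("Accept", "DropLog"), the verdict strings and the order in which the checks are applied are assumptions, as are the sample MAC and IP addresses.

```python
"""ARP sanity checks modelled on the NetDefendOS settings above (added example,
not firmware code).  Value names other than "Drop", the verdict strings and the
check ordering are assumptions made for this example."""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp_frame(eth_src, oper, sha, spa, tha, tpa, eth_dst=b"\xff" * 6):
    """Build an Ethernet II frame carrying an ARP packet (constructed sample input)."""
    eth = eth_dst + eth_src + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha + spa + tha + tpa
    return eth + arp


def parse_arp_frame(frame):
    """Parse Ethernet + ARP headers; raise ValueError on anything malformed."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {"eth_src": mac_str(frame[6:12]), "oper": oper,
            "sha": mac_str(frame[22:28]), "spa": ip_str(frame[28:32]),
            "tha": mac_str(frame[32:38]), "tpa": ip_str(frame[38:42])}


class ArpMonitor:
    """Apply the checks in order and keep a cache; every decision lands in self.log."""

    def __init__(self, unsolicited_arp_replies="DropLog", arp_requests="Drop",
                 static_arp_changes="DropLog", arp_query_no_sender="DropLog",
                 arp_match_ethernet_sender="DropLog"):
        self.unsolicited_arp_replies = unsolicited_arp_replies
        self.arp_requests = arp_requests
        self.static_arp_changes = static_arp_changes
        self.arp_query_no_sender = arp_query_no_sender
        self.arp_match_ethernet_sender = arp_match_ethernet_sender
        self.cache = {}       # ip -> {"mac": str, "static": bool}
        self.pending = set()  # IPs we have queried, so a reply from them is solicited
        self.log = []

    def add_static(self, ip, mac):
        self.cache[ip] = {"mac": mac, "static": True}

    def expect_reply_from(self, ip):
        self.pending.add(ip)

    def _drop(self, reason, pkt):
        self.log.append(f"drop reason={reason} spa={pkt['spa']} sha={pkt['sha']}")
        return "drop"

    def process(self, frame):
        pkt = parse_arp_frame(frame)
        # ARP Match Ethernet Sender: frame source MAC must equal the ARP sender hardware address
        if pkt["eth_src"] != pkt["sha"] and self.arp_match_ethernet_sender != "Accept":
            return self._drop("ethernet-sender-mismatch", pkt)
        # ARP Query No Sender: 0.0.0.0 is never a valid address to learn
        if pkt["spa"] == "0.0.0.0":
            if self.arp_query_no_sender != "Accept":
                return self._drop("sender-ip-unspecified", pkt)
            return "reply-no-cache"  # other rules may answer it, but nothing is learned
        if pkt["oper"] == ARP_REPLY:
            # Unsolicited ARP Replies: only replies to our own queries may touch the cache
            if pkt["spa"] not in self.pending and self.unsolicited_arp_replies != "Accept":
                return self._drop("unsolicited-reply", pkt)
            self.pending.discard(pkt["spa"])
        elif pkt["oper"] == ARP_REQUEST and self.arp_requests == "Drop":
            # ARP Requests = Drop: RFC 826 would learn from the request; answer it, cache nothing
            return "reply-no-cache"
        return self._update_cache(pkt)

    def _update_cache(self, pkt):
        entry = self.cache.get(pkt["spa"])
        if entry and entry["mac"] != pkt["sha"]:
            if entry["static"]:
                # Static ARP Changes: a collision with a static entry is never applied;
                # the setting only decides whether it is logged ("Drop" = silent, assumed)
                if self.static_arp_changes != "Drop":
                    self.log.append(f"static-collision ip={pkt['spa']} "
                                    f"kept={entry['mac']} seen={pkt['sha']}")
                return "drop"
            # dynamic entry changed (e.g. a replaced adapter): allowed, but always logged
            self.log.append(f"cache-change ip={pkt['spa']} old={entry['mac']} new={pkt['sha']}")
        self.cache[pkt["spa"]] = {"mac": pkt["sha"], "static": False}
        return "accept"
```

With the defaults, a request from an unknown host is answered but not cached, an unsolicited reply is dropped and logged, a reply whose Ethernet source differs from its ARP sender address is dropped, and a reply that contradicts a static entry leaves the static entry untouched. Constructing `ArpMonitor(arp_requests="Accept")` gives the RFC 826 behaviour, where requests populate the cache and a later request with a new MAC for the same IP is accepted but logged as a cache change.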