Anti-Arpscan; Chapter 41 Anti-Arpscan; Anti-Arpscan Overview; What You Can Do - ZyXEL Communications XS3800-28 User Manual

28-port 10GbE L3 managed switch

XS3800-28 User's Guide

Chapter 41 Anti-Arpscan

41.1 Anti-Arpscan Overview
Address Resolution Protocol (ARP), RFC 826, is a protocol used to convert a network-layer IP address to a link-layer MAC address. ARP scan is used to scan the network of a certain interface for alive hosts. It shows the IP address and MAC addresses of all hosts found. Hackers could use ARP scan to find targets in your network. Anti-arpscan is used to detect unusual ARP scan activity and block suspicious hosts or ports.

Unusual ARP scan activity is determined by port and host thresholds that you set. A port threshold is determined by the number of packets received per second on the port. If the received packet rate is over the threshold, then the port is put into an Err-Disable state. You can recover the normal state of the port manually if this happens and after you identify the cause of the problem.

A host threshold is determined by the number of ARP-request packets received per second. There is a global threshold rate for all hosts. If the rate of a host is over the threshold, then that host is blocked by using a MAC address filter. A blocked host is released automatically after the MAC aging time expires.

Note: A port-based threshold must be larger than the host-based threshold or the host-based threshold will not work.

41.1.1 What You Can Do
• Use the Anti-Arpscan Status screen (Section 41.2 on page 417) to see what ports are trusted and are forwarding traffic or are disabled.
• Use the Anti-Arpscan Host Status screen (Section 41.3 on page 418) to view blocked hosts and clear selected ones.
• Use the Anti-Arpscan Trust Host screen (Section 41.4 on page 419) to create or remove trusted hosts identified by IP address and subnet mask. Anti-arpscan is not performed on trusted hosts.
• Use this Anti-Arpscan Configure screen (Section 41.5 on page 419) to enable anti-arpscan, set port and host thresholds as well as configure ports to be trusted or untrusted.

41.1.2 What You Need to Know
• You should set an uplink port as a trusted port before enabling anti-arpscan so as to prevent the port from being shutdown due to receiving too many ARP messages.
• When a port is configured as a trusted port, anti-arpscan is not performed on the port. Both host and port thresholds are ignored for trusted ports. If the received ARP packet rate on a port or the received ARP-requests from a host exceed the thresholds, the trusted port will not be closed.
• If a port on the Switch is closed by anti-arpscan, and you want to recover it, then do one of the following:
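
Returning to the port and host thresholds from the overview, the following added example (not part of the original manual and not ZyXEL firmware code) models them over constructed traffic to show how trusted ports, trusted hosts and the ordering rule in the Note interact. The function names, the per-second counting, the 300-second aging value and the sample packets are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

def simulate(events, port_thr, host_thr, trusted_ports=(), trusted_hosts=(), mac_aging=300):
    """Toy model of the port/host thresholds (an illustration, not ZyXEL's code).

    events: time-ordered (second, port, src_mac, src_ip, is_arp_request) tuples.
    Returns (blocked, err_disabled) as they stand after the last event.
    Assumptions: rates are counted per whole second, packets from a blocked
    host or on a shut port are dropped uncounted, trusted hosts still count
    toward the port rate, and mac_aging=300 is a placeholder value.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_hosts]
    blocked, err_disabled = {}, {}          # MAC -> second blocked, port -> second shut
    port_rate, host_rate, window = Counter(), Counter(), None
    for sec, port, mac, ip, is_request in events:
        if sec != window:                   # new one-second window: reset the rates
            port_rate.clear()
            host_rate.clear()
            window = sec
        if port in trusted_ports or port in err_disabled:
            continue                        # trusted: not inspected; shut: manual recovery
        if mac in blocked:
            if sec - blocked[mac] < mac_aging:
                continue                    # MAC filter still in place
            del blocked[mac]                # released once the aging time expires
        port_rate[port] += 1
        if port_rate[port] > port_thr:
            err_disabled[port] = sec        # port goes to Err-Disable
            continue
        if is_request and not any(ipaddress.ip_address(ip) in n for n in nets):
            host_rate[mac] += 1
            if host_rate[mac] > host_thr:
                blocked[mac] = sec          # host blocked by MAC address filter
    return blocked, err_disabled

def sample_events():
    """Constructed traffic for second 0: busy uplink (port 28), scanner and quiet host (port 5)."""
    uplink = [(0, 28, f"00:00:5e:00:53:{i:02x}", f"192.0.2.{i}", True)
              for i in range(1, 41) for _ in range(3)]
    scanner = [(0, 5, "00:00:5e:00:53:aa", "192.0.2.50", True)] * 50
    quiet = [(0, 5, "00:00:5e:00:53:bb", "192.0.2.60", True)] * 2
    return uplink + scanner + quiet

if __name__ == "__main__":
    ev = sample_events()
    print(simulate(ev, 20, 10, trusted_ports={28}))  # scanner blocked, ports stay up
    print(simulate(ev, 20, 10))                      # untrusted uplink is shut
    print(simulate(ev, 10, 20, trusted_ports={28}))  # inverted thresholds: port 5 shut
```

In this model, a port threshold at or below the host threshold shuts port 5 before the scanning host ever reaches its own limit, which is the situation the Note rules out.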
