(4) ARP Virus Attack Prevention - QNO VPN QoS User Manual

1x100Mbps WAN + 4x100Mbps switch LAN + 2xUSB family & small business IPsec VPN solution

(4) ARP Virus Attack Prevention
1. ARP Issue and Information
Recently, many cyber cafes in China have experienced partial or total disconnection for a short period of time, after which the connection quickly resumes. This is caused by a MAC address conflict. When the MAC address of a virus-infected machine is mapped to NAT equipment such as host devices, the whole network is disconnected. If it is mapped to other devices on the network, only those affected devices have problems. This happens mostly to legendary games, especially those with private servers. Evidently, the network is under an ARP attack, which aims to crack the encryption method. By doing so, the hackers may intercept packet data and user information by analyzing the game's communication protocol. As the virus spreads, detailed information about the game players within the local network can be obtained, and their accounts and information are stolen. The following describes how to prevent such a virus attack.
First, let us look at the definition of ARP (Address Resolution Protocol). In a LAN, what is actually transmitted is a "frame", which contains the MAC address of the destination host device. So-called "address resolution" refers to the process of translating the target IP address into the target MAC address before the host sends out the frame. The basic function of the ARP protocol is to look up the MAC address of the target equipment from its IP address so that the two can communicate.
The working principle of the ARP protocol: computers running TCP/IP have an ARP cache, in which each IP address corresponds to a MAC address (as illustrated).
For example, Host A (192.168.1.5) transmits data to Host B (192.168.1.1). Before transmitting, Host A searches the ARP cache for the destination IP address. If it is found, the MAC address is known, and Host A simply fills in the MAC address for transmission. If no corresponding IP address is found in the ARP cache, Host A sends a broadcast to the MAC address "FF.FF.FF.FF.FF.FF", asking all the host devices on the same network segment: "What is the MAC address of 192.168.1.1?" Other host devices do not respond to the ARP inquiry; only Host B responds to Host A when it receives this frame: "The MAC
IP Address      MAC
192.168.1.1     00-0f-3d-83-74-28
192.168.1.2     00-aa-00-62-c5-03
192.168.1.3     03-aa-01-75-c3-06
......          ......
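
Added example (not part of the QNO manual): a Python check that compares an ARP cache snapshot against known-good IP-to-MAC bindings and reports the MAC conflicts described above. The function names and the OBSERVED snapshot are constructed for illustration; the BASELINE rows are the three entries of the ARP cache table above.

```python
import re

# Matches "IP  MAC" rows as in the table above; also fits rows printed by `arp -a`.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2})\b")

# Known-good bindings: the three rows of the manual's ARP cache table.
BASELINE = """
192.168.1.1   00-0f-3d-83-74-28
192.168.1.2   00-aa-00-62-c5-03
192.168.1.3   03-aa-01-75-c3-06
"""

# Constructed snapshot: the entry for 192.168.1.1 now carries the MAC of 192.168.1.2.
OBSERVED = """
192.168.1.1   00-aa-00-62-c5-03   dynamic
192.168.1.2   00-aa-00-62-c5-03   dynamic
192.168.1.3   03-aa-01-75-c3-06   dynamic
"""

def parse_arp_table(text):
    """Return {ip: mac} for every 'IP  MAC' row; other lines are ignored."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower().replace(":", "-")
    return table

def audit(trusted, observed):
    """List bindings that differ from the trusted set and MACs claimed by several IPs."""
    findings = []
    for ip, mac in sorted(observed.items()):
        if ip in trusted and trusted[ip] != mac:
            findings.append(("binding-changed", ip, mac))
    owners = {}
    for ip, mac in observed.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            findings.append(("mac-shared", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp_table(BASELINE), parse_arp_table(OBSERVED)):
        print(*finding)
```

A "binding-changed" finding on the gateway address corresponds to the total disconnection case in the text; on any other address it corresponds to the partial one.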