
Thread: got ARP?

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325

    got ARP?

    Hi all,

    I know what ARP and RARP are and I know what they do. They map the MAC to IP and IP to MAC. It helps to make sure that only one machine on a network has only one IP address and helps to make sure that they are not duplicated elsewhere on the network.

    I saw that disabling Gratuitous ARP can help with network performance and maintenance.
    Is that the same thing as disabling ARP requests?

    If you were to disable it, it wouldn't matter because your switches and routers keep a list of them and would know where to send the traffic?
    So... there is really no reason for a workstation to be making ARP requests?

    Is it worth disabling it? Are there any security reasons for disabling or keeping it enabled?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    A gratuitous ARP is where a device sends out an ARP broadcast and says: BTW, I AM xx:xx:xx:xx:xx:xx

    If you accept gratuitous ARP requests, then your controller would take a note of that MAC and associate it with the person performing the gratuitous ARP, regardless of whether you had a value or not. Why is this bad? You can cause all traffic to be redirected to you at layer 2.

    Normally, if you need a MAC, you would send out an ARP request, Whois 192.168.0.1? And if the device 192.168.0.1 was listening it would respond with its MAC Addr. By turning off the gratuitous ARP, you are just preventing someone going along and saying they are a certain MAC without being asked.

    /neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Gotcha.
    So in other words... instead of it periodically saying "I'm such and such"... it would just wait to be asked.

    When you talk about the traffic being redirected to you at layer two... you're talking about a situation where someone is using ettercap or the like and spoofs ARP, turning the switch to a hub? Or... actually logging into a managed switch and doing port replication?

    So... it doesn't really matter then if you keep it enabled or not.

    I'm not having any performance problems or anything... I just read something about it the other day and the thought was in the back of my mind.

    Thanks for your help!

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    I'm wanting to say that you would set up your machine to not ACCEPT gratuitous ARP. I am wanting to say you can't really tell your system to not send them (i.e., someone could just run a program to send them; however, if your system is set up to not accept them, then it wouldn't matter).

    Yes, tools like Dsniff and Ettercap use this type of functionality to get around switched networks.

    /neb
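The "do not accept gratuitous ARP" idea from post #4, sketched as a monitor that keeps an IP-to-MAC table and refuses to let an unasked announcement overwrite a binding it already holds. This is an added example, not code from anyone in the thread; the names `make_arp`, `parse_arp`, `is_gratuitous` and `ArpWatch` and all MAC addresses are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload (28 bytes)

def make_arp(oper, mac, sender_ip, target_ip):
    """Build a constructed ARP payload for testing (oper 1=request, 2=reply)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(mac.replace(":", "")),
                       IPv4Address(sender_ip).packed, b"\x00" * 6,
                       IPv4Address(target_ip).packed)

def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP payload; reject anything else."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"oper": oper, "sender_mac": sha.hex(":"),
            "sender_ip": str(IPv4Address(spa)),
            "target_ip": str(IPv4Address(tpa))}

def is_gratuitous(arp):
    # A gratuitous ARP announces the sender's own address unasked:
    # the sender IP and the target IP are the same.
    return arp["sender_ip"] == arp["target_ip"]

class ArpWatch:
    """Tracks IP -> MAC bindings; refuses gratuitous rebinds."""
    def __init__(self):
        self.table = {}

    def observe(self, payload):
        arp = parse_arp(payload)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
            return "learned"
        if known == mac:
            return "unchanged"
        if is_gratuitous(arp):
            return "alert"      # keep the old binding and flag it
        self.table[ip] = mac    # change seen in an ordinary request/reply
        return "updated"
```

The sketch only refuses changes carried by gratuitous frames, matching the thread's scope; a stricter monitor would also flag changes arriving in ordinary replies.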
