Manualshelf

User`s manual

ManualsBrandsQNO ManualsComputer equipmentSecurity QoS Firewall Router
231232233234235236237238239240
Multi-WAN VPN QoS Router
235
is to inquire all the host devices in the same network session about ―What is the MAC address of
―192.168.1.1"? Other host devices do not respond to the ARP inquiry except host device B,
which responds to host device A when receiving this frame: ―The MAC address of 192.168.1.1 is
00-aa-00-62-c6-09‖. So Host A knows the MAC address of Host B, and it can send data to Host
B. Meanwhile, it will update its ARP cache.
Moreover, ARP virus attack can be briefly described as an internal attack to the PC, which
causes trouble to the ARP table of the PC. In LAN, IP address was transferred into the second
physical address (MAC address) through ARP protocol. ARP protocol is critical to network
security. ARP cheating is caused by fake IP addresses and MAC addresses, and the massive ARP
communications traffic will block the network. The MAC address from the fake source sends ARP
response, attacking the high-speed cache mechanism of ARP. This usually happens to the cyber
cafe users. Some or all devices in the shop experience temporal disconnection or failure of going
online. It can be resolved by restarting the device; however, the problem repeats shortly after.
Cafe Administrators can use arp a command to check the ARP table. If the device IP and MAC
are changed, it is the typical symptom of ARP virus attack.
Such virus program as PWSteal. lemir or its transformation is worm virus of the Trojan
programs affecting Windows 95/ 98/ Me/ NT/ 2000/ XP/ 2003. There are two attack methods
affecting the network connection speed: cheat on the ARP table in the device or LAN PC. The
former intercepts the gateway data and send ceaselessly a series of wrong MAC messages to the
device, which sends out wrong MAC address. The PC thus cannot receive the messages. The
later is ARP attack by fake gateways. A fake gateway is established. The PC which is cheated
sends data to this gateway and doesn't go online through the normal device. From the PC end,
the situation is "disconnection―.
For these two situations, the device and client setup must be done to prevent ARP virus attack,
which is to guarantee the complete resolution of the issue. The device selection is advised to take
into consideration the one with anti-ARP virus attack. Qno products come squarely with such a
feature, which is very user-friendly compared to other products.
2. ARP Diagnostic
If one or more computers are affected by the ARP virus, we must learn how to diagnose and
take appropriate measures. The following is experience shared by Qno technical engineers with
regard to the ARP prevention.
Through the ARP working principle, it is known that if the ARP cache is changed and the device