Re: no ip gratuitous-arp

From: koury@london.com
Date: Thu Dec 07 2006 - 10:49:22 ART


Thanks Muhammad for your immediate reply!!!
I still have some doubts about how this feature works.
1) Do the Cisco routers only send gARP in this situation (sending out an IP address over a PPP connection)?
2) I don't understand how this vulnerability (sending gARP over a PPP connection) can be exploited, or why it can't be after the feature is disabled. If the router (after disabling gARP) still receives (but does not send out) gARP, doesn't this device remain vulnerable to fake rARPs from an attacker?

Thanks!
Koury

    ----- Original Message -----
    From: "Muhammad Nasim"
    To: koury@london.com
    Cc: ccielab@groupstudy.com
    Subject: Re: no ip gratuitous-arp
    Date: Thu, 7 Dec 2006 04:48:40 +0300

    Hi Koury,

    Without prompting, a gratuitous ARP (gARP) message tells all hosts on a
    network segment the IP address to MAC address binding for that
    host. Unfortunately, a gARP can easily be spoofed. Any device can pretend to
    be something it is not by sending out a gARP with its IP address. This causes
    the endpoint to replace the MAC address of a legitimate network device with
    the MAC address of the attacker in the ARP table of the target device.

    By default, most Cisco routers send out a gARP message whenever a
    client connects and negotiates an IP address over a PPP connection. A gARP
    is the main mechanism used in ARP poisoning attacks. You should disable
    gARPs unless they are otherwise needed.

    We can disable gratuitous ARP transmissions using the no ip gratuitous-arps
    command in global configuration mode.

    gARP transmission occurs when the client receives the address from a local
    address pool. If we don't want to send the address to the client from the
    local address pool, then we should disable the command.

    HTH

    On 12/6/06, koury@london.com wrote:
>
> Hi, Guys!
>
> Can someone explain how the command "no ip gratuitous-arp" works?
> Does the router stop sending out and/or processing "gratuitous arps"?
> In which situations do we enable or disable it?
>
> Thanks!!!
> Koury
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

    --
    Muhammad Nasim
    Network Engineer
    SISCOM
    Saudi Arabia


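Muhammad's reply above describes how a spoofed gARP rebinds a legitimate IP to an attacker's MAC. As an added example that is not part of this thread, the following Python parses Ethernet/ARP frames, recognises gratuitous ARPs (sender IP equals target IP), and raises an alert when one tries to rebind an IP whose MAC is already known (for instance the gateway). The four sample frames, the addresses and the MACs are constructed for the demo.

```python
import struct
from typing import Dict, List, Optional

ETHERTYPE_ARP = 0x0806

def _ip(b: bytes) -> str:
    return ".".join(str(o) for o in b)

def parse_arp(frame: bytes) -> Optional[dict]:
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP; None otherwise."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    b = frame[22:42]
    return {"op": op, "sha": b[0:6].hex(":"), "spa": _ip(b[6:10]),
            "tha": b[10:16].hex(":"), "tpa": _ip(b[16:20])}

def is_gratuitous(arp: dict) -> bool:
    # A gratuitous ARP announces the sender's own binding: sender IP == target IP.
    return arp["spa"] == arp["tpa"]

class GarpMonitor:
    """Keep an IP->MAC table and flag gratuitous ARPs that rebind a known IP."""
    def __init__(self, trusted: Dict[str, str]):
        self.bindings = dict(trusted)      # e.g. the default gateway, from config
        self.alerts: List[str] = []

    def observe(self, frame: bytes) -> Optional[str]:
        arp = parse_arp(frame)
        if arp is None or not is_gratuitous(arp):
            return None                    # not ARP, or an ordinary request/reply
        ip, mac = arp["spa"], arp["sha"]
        expected = self.bindings.get(ip)
        if expected is not None and expected != mac:
            msg = f"ALERT: gARP rebinds {ip} from {expected} to {mac}"
            self.alerts.append(msg)
            return msg
        self.bindings.setdefault(ip, mac)  # first sighting: learn the binding
        return None

# Constructed sample frames (hex): broadcast dst, Ethernet II, 42 bytes each.
FRAMES = [bytes.fromhex(h) for h in (
    "ffffffffffff" "001122334455" "0806" "0001080006040002"
    "001122334455" "0a000001" "ffffffffffff" "0a000001",   # gateway re-announces itself
    "ffffffffffff" "00aabbccddee" "0806" "0001080006040001"
    "00aabbccddee" "0a000032" "000000000000" "0a000032",   # new host 10.0.0.50: learned
    "ffffffffffff" "001122334455" "0800" + "00" * 28,       # IPv4 frame: ignored
    "ffffffffffff" "deadbeef0001" "0806" "0001080006040002"
    "deadbeef0001" "0a000001" "ffffffffffff" "0a000001",   # rebinds the gateway IP: alert
)]
```

On a real segment the frames would come from a raw socket or a pcap; the logic is the same, and the trusted table is what "no ip gratuitous-arps" on the router does not protect by itself, since it only stops the router sending.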


This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:37 ART