Firewall protection

Find the answers to Adaptive Defense and Endpoint Protection queries in this forum. The experts will help you out!
Post Reply
listawood
Registered user
Registered user
Posts: 1
Joined: Mon, 04 Feb 2013, 17:54

Firewall protection

Post by listawood » Thu, 14 Dec 2017, 16:05

We are getting a lot of Smart ARP attacks reported by the firewall protection on several client machines. These look to be originating from our servers. I've ran Panda scans on these servers, they look clean.

Is there anything I can do to get more information on what is happening here?

Thanks

Darth Panda
Official moderator
Official moderator
Posts: 1437
Joined: Tue, 24 Oct 2017, 12:04

Re: Firewall protection

Post by Darth Panda » Thu, 14 Dec 2017, 16:52

dear client

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network. For example, in IP Version 4, the most common level of IP in use today, an address is 32 bits long. In an Ethernet local area network, however, addresses for attached devices are 48 bits long. (The physical machine address is also known as a Media Access Control or MAC address.) A table, usually called the ARP cache, is used to maintain a correlation between each MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions.

Panda detects all arpscans not requested by us, so, if your servers do need to create an arp cache for whatever the reason (they are dns servers, they are the DC, there is the printer servers there as well) is normal you do find this servers requesting macs and ips to all computers on your network.
It also coudl be due to a failing network card, but this seems to be a bit less normal.

If you receive arpscans in excess you can uncheck that from the Firewall settings. or get your servers on the "whitelist" for IP´s not scanned, which is a bit more unsecure that unticking "arp scans"

regards.
Technical support – Panda Security
www.pandasecurity.com

Post Reply

Return to “Adaptive Defense and Endpoint Protection - Issues”