Address resolution protocol attacks
A MAC address is the hardware address of a network component, whether it's a router, a LAN card, etc. The address consists of 12 digits and is unique, but there are ways to change it within Windows if the OS recognises the hardware.
To see your ARP table
Go to the Start menu in the taskbar, type cmd in the search box and press Enter (if you are using Windows XP, click Run and type cmd).
A DOS window appears. Type the following:
arp -a
Now you can see the list of Internet addresses and physical addresses. The physical address is the MAC address.
ARP attacks target both wired and wireless networks. In a wired network the attack is carried out by a member of the network, so it's possible to locate the attacker.
When the attack occurs and there is no ARP protection in place, all your traffic is directed to the attacker's computer, and whatever you do on the internet gets logged by the attacker.
How does this happen?
As I wrote at the beginning, your ARP table contains the IPs and MAC addresses of your network components. What the attacker does is poison this table. For example, say the router's IP is 192.168.1.1 and its MAC address is 12-34-56-78-90-00. Your computer communicates with the router according to the information in the table. When the ARP poisoning starts, the MAC address of the router in your ARP table changes to the attacker's MAC address, so instead of communicating with the router directly, your computer sends the traffic to the attacker's computer and from there it goes to the router. At this point your data is logged by the attacker.
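A check for the poisoning described above, as an added example that is not part of the original post: it parses arp -a output and reports when the router's entry no longer matches its known MAC, or when one MAC answers for several IPs. The sample output, the MAC aa-bb-cc-dd-ee-ff and the function names are constructed for illustration; the router IP and MAC are the ones from the paragraph above.

```python
import re

# Constructed sample of Windows `arp -a` output (not captured from a real host).
# The router entry 192.168.1.1 shows a MAC other than the known 12-34-56-78-90-00,
# and a second host shares that same MAC, as happens when the table is poisoned.
SAMPLE_POISONED = """
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.23          aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.I | re.M)

def parse_arp_table(text):
    """Return {ip: mac} for unicast entries, skipping broadcast/multicast MACs."""
    table = {}
    for ip, mac, _type in ENTRY.findall(text):
        mac = mac.lower()
        if int(mac[:2], 16) & 1:  # group bit set: broadcast or multicast
            continue
        table[ip] = mac
    return table

def check_arp_table(text, gateway_ip, known_gateway_mac):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    table = parse_arp_table(text)
    seen = table.get(gateway_ip)
    if seen is not None and seen != known_gateway_mac.lower():
        findings.append(f"gateway {gateway_ip} is at {seen}, "
                        f"expected {known_gateway_mac.lower()}")
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} claims several IPs: {', '.join(sorted(ips))}")
    return findings

if __name__ == "__main__":
    for line in check_arp_table(SAMPLE_POISONED, "192.168.1.1", "12-34-56-78-90-00"):
        print(line)
```

A MAC that appears for several IPs can also be a legitimate host with more than one address, so treat that finding as a prompt to check the router's entry against the MAC printed on the device.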
Means of protection
There are several ways to protect your ARP table:
1- By manually adding a static IP and MAC address entry for your network components through a DOS command. But if the attack is aggressive, your internet will stop working until you use the delete ARP command and accept the attack, so this method isn't the best.
To add the entry, go to the DOS window that was explained at the beginning and type the following:
arp -s {add your private ip} {add your mac address}
Type it without the brackets, and make sure there is a space between the command and the IP, and between the IP and the MAC address. Normally the MAC address is printed on your network component; this is the best way to get the correct address.
To delete the entry, from the same DOS window, type
arp -d
2- Some free applications that offer ARP protection are Comodo Firewall and Rising Firewall.
3- The only paid application I know is AntiARP; this application is advanced in ARP protection.
Note: For better protection, some changes need to be made to the AntiARP settings. Also, Comodo does not have ARP protection enabled by default, so you have to enable it manually.