Logging of possible ARP Poisoning attempts
Medium
Explanation
ARP spoofing, also known as ARP poisoning, is a Man-in-the-Middle (MitM) attack that allows attackers to intercept communication between network devices. Possible ARP poisoning attempts can be mitigated by enabling spoof protection along with the other settings described below.
Resolution
- Go to Protect > Intrusion Prevention > DoS & Spoof Protection.
- Ensure Enable spoof prevention is checked on LAN and DMZ zones.
- Ensure Apply Flag is checked on SYN flood, UDP flood, TCP flood and ICMP/ICMPv6 flood on both Source and Destination.
- Ensure Apply Flag is checked on Dropped source routed packets, Disable ICMP/ICMPv6 redirect packet, ARP hardening on Destination.
- Ensure that no DoS bypass rule is added with a wide range of source or destination networks, as this reduces the integrity of the overall DoS protection.
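
One way to review DoS bypass rules for the over-broad entries the last step warns about, as an added example that is not part of the original page or of the firewall's own tooling. The rule list, its field names and the /24 (IPv4) and /64 (IPv6) thresholds are assumptions; the entries stand in for rules copied by hand from the bypass rule list.

```python
import ipaddress

# Assumption: a prefix shorter than these counts as a "wide range".
MIN_PREFIX = {4: 24, 6: 64}

# Constructed sample rules; the field names are hypothetical,
# not a firewall export format.
SAMPLE_RULES = [
    {"name": "backup-server", "source": "10.1.20.15/32", "destination": "10.1.30.8/32"},
    {"name": "voip-trunk", "source": "192.0.2.0/28", "destination": "*"},
    {"name": "legacy-any", "source": "0.0.0.0/0", "destination": "10.0.0.0/8"},
    {"name": "typo", "source": "10.1.20.300/32", "destination": "10.1.30.8/32"},
]


def classify(spec):
    """Return 'ok', 'wide', 'any' or 'unparsable' for one network field."""
    spec = spec.strip().lower()
    if spec in ("", "*", "any"):
        return "any"  # wildcard: the bypass applies to every address
    try:
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return "unparsable"  # a mistyped entry needs manual review
    return "wide" if net.prefixlen < MIN_PREFIX[net.version] else "ok"


def audit_bypass_rules(rules):
    """List (rule name, side, reason) for every field that is not tightly scoped."""
    findings = []
    for rule in rules:
        for side in ("source", "destination"):
            # A missing field is treated as a wildcard, the worst case.
            verdict = classify(rule.get(side, "*"))
            if verdict != "ok":
                findings.append((rule["name"], side, verdict))
    return findings


if __name__ == "__main__":
    for name, side, reason in audit_bypass_rules(SAMPLE_RULES):
        print(f"{name}: {side} is {reason}")
```

Any rule the audit reports is a candidate for narrowing to the specific hosts that need the bypass.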