Cisco Support Community

New Member

Why do we use the "no ip gratuitous arp" command in routers?

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Hello saravanavel105,

This is considered a security vulnerability because basically you are giving out free information on the network which could be eavesdropped by an unauthorized attacker or an intruder, even though the purpose might be useful for certain scenarios. Here are some snippets from different links to understand what gratuitous ARP is, and you can draw your own conclusions:

"A gratuitous ARP is basically an ARP response that never had a request for it and is how most ARP spoofing programs work.

Normally you send an ARP request and wait for the ARP response. A gratuitous ARP is when you just send your details even though there was no request. These can happen legitimately when say your IP or MAC address change so you can update the ARP tables of other hosts."

http://security.stackexchange.com/questions/41924/wireshark-gratuitous-arp

ARP Considerations

ARP is designed to map IP addresses to MAC addresses. It was also, like most protocols still used in IP networking today, designed at a time when everyone on a network was supposed to be reasonably trustworthy. As a result, the protocol is designed around efficiently executing its task, with no provisions for dealing with malicious use. At a basic level, the protocol works by broadcasting a packet requesting the MAC address that owns a particular IP address. All devices on a LAN will see the request, but only the device that uses the IP address will respond.

From a security standpoint, there is a major limitation in ARP. ARP has no notion of IP address ownership. This means any MAC address can masquerade as any IP address provided an attacker has the right software tool to execute the attack. Furthermore, there is a special type of ARP broadcast called a gratuitous ARP (gARP). A gARP message tells all hosts on a LAN, without having been asked, what its IP–MAC binding is.

http://www.ciscopress.com/articles/article.asp?p=174313&seqNum=2

Regards,

Davy "Tico" Jones
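The answer above describes the two properties that make gratuitous ARP worth watching for on a LAN: it is an ARP reply (or request) nobody asked for, and ARP itself has no notion of who owns an IP address, so an unsolicited announcement can silently rewrite a host's IP-to-MAC binding. The following is an added example, not code from the original post or from Cisco: a small monitor, of the kind a LAN sensor or IDS might run, that parses raw Ethernet/IPv4 ARP bodies, recognises a gratuitous ARP by its sender IP equalling its target IP, flags replies that answer no outstanding request, and alerts when a learned binding changes. The ARP frames fed to it are constructed inline for illustration (the MAC and IP values are made up); the `build_arp` helper exists only to produce that sample input, and nothing here transmits anything.

```python
"""Flag gratuitous ARP, unsolicited replies and IP-to-MAC binding changes (added example)."""
import struct
from dataclasses import dataclass

ARP_REQUEST, ARP_REPLY = 1, 2


@dataclass(frozen=True)
class ArpPacket:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp(payload: bytes) -> ArpPacket:
    """Parse the 28-byte Ethernet/IPv4 ARP body (RFC 826 field order)."""
    if len(payload) < 28:
        raise ValueError("ARP payload too short")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return ArpPacket(opcode, _mac(sha), _ip(spa), _mac(tha), _ip(tpa))


def is_gratuitous(pkt: ArpPacket) -> bool:
    """A gratuitous ARP announces the sender's own binding, so sender IP == target IP."""
    return pkt.sender_ip == pkt.target_ip


class ArpMonitor:
    """Tracks IP->MAC bindings seen on the wire and raises alerts on suspicious ARP."""

    def __init__(self) -> None:
        self.bindings: dict[str, str] = {}     # ip -> mac learned from sender fields
        self.outstanding: set[str] = set()     # IPs for which a real request was seen
        self.alerts: list[tuple[str, str, str]] = []

    def observe(self, pkt: ArpPacket) -> list[tuple[str, str, str]]:
        new: list[tuple[str, str, str]] = []
        if is_gratuitous(pkt):
            # Benign on an address change, but also the vehicle for ARP spoofing.
            new.append(("gratuitous-arp", pkt.sender_ip, pkt.sender_mac))
        elif pkt.opcode == ARP_REQUEST:
            self.outstanding.add(pkt.target_ip)
        elif pkt.opcode == ARP_REPLY:
            if pkt.sender_ip in self.outstanding:
                self.outstanding.discard(pkt.sender_ip)   # answers a request we saw
            else:
                new.append(("unsolicited-reply", pkt.sender_ip, pkt.sender_mac))
        # Hosts update their cache from the sender fields, so track the same thing.
        old = self.bindings.get(pkt.sender_ip)
        if old is not None and old != pkt.sender_mac:
            new.append(("binding-change", pkt.sender_ip, f"{old}->{pkt.sender_mac}"))
        self.bindings[pkt.sender_ip] = pkt.sender_mac
        self.alerts.extend(new)
        return new


def build_arp(opcode: int, smac: str, sip: str, tmac: str, tip: str) -> bytes:
    """Serialize an ARP body; used here only to construct sample input for the monitor."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
            + bytes.fromhex(smac.replace(":", "")) + bytes(map(int, sip.split(".")))
            + bytes.fromhex(tmac.replace(":", "")) + bytes(map(int, tip.split("."))))


# Constructed sample traffic (not a capture): a normal exchange, a benign gARP,
# a gARP claiming the same IP from a different MAC, and an unsolicited reply.
SAMPLE_FRAMES = [
    build_arp(ARP_REQUEST, "aa:aa:aa:aa:aa:01", "10.0.0.1", "00:00:00:00:00:00", "10.0.0.2"),
    build_arp(ARP_REPLY,   "aa:aa:aa:aa:aa:02", "10.0.0.2", "aa:aa:aa:aa:aa:01", "10.0.0.1"),
    build_arp(ARP_REPLY,   "aa:aa:aa:aa:aa:02", "10.0.0.2", "ff:ff:ff:ff:ff:ff", "10.0.0.2"),
    build_arp(ARP_REPLY,   "aa:aa:aa:aa:aa:99", "10.0.0.2", "ff:ff:ff:ff:ff:ff", "10.0.0.2"),
    build_arp(ARP_REPLY,   "aa:aa:aa:aa:aa:99", "10.0.0.1", "aa:aa:aa:aa:aa:02", "10.0.0.2"),
]


def run_sample() -> list[tuple[str, str, str]]:
    """Feed the constructed frames through the monitor and return every alert raised."""
    mon = ArpMonitor()
    for frame in SAMPLE_FRAMES:
        mon.observe(parse_arp(frame))
    return mon.alerts


if __name__ == "__main__":
    for kind, ip, detail in run_sample():
        print(f"{kind:18} {ip:12} {detail}")
```

The third frame shows why a blanket "gratuitous ARP seen" alert is noisy: a host re-announcing the binding it already holds produces only the low-value `gratuitous-arp` line. The real signal is the `binding-change` alert, which fires when an IP the monitor has already bound to one MAC is claimed by another, whether through a gratuitous frame or a reply that answers no request. Disabling gratuitous ARP on the router, as the question asks about, stops the router from emitting such announcements; a monitor like this is the complementary, listening side.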
