As you guys know, there is an option called "Enable ARP protection" under the firewall settings. Despite enabling this option, I could still ARP poison my desktop that's in the same network as my laptop and sniff all the packets. How did this happen? Am I the only one experiencing this malfunction of ZA?

You will need to give some more detail on how you are doing the ARP poisoning.

I used Backtrack3 live cd to launch an ARP poisoning attack. Specifically, I used Ettercap that comes with BT3.
First I scanned for a host and got IPs for my router and my desktop. Then, I added those IPs to each target and enabled ARP poisoning, which was carried out successfully.

This should only be possible if someone gains access to the wireless network right?

So far as I know,none of those brand name firewalls can stop heavy ARP attacks. We already have had a lot of discussion about this topic in WSF.

There are some Anti-arp tools which are designed to fight ARP attack only though. You may try antiarp (http://www.antiarp.com/news_25.html),but it requests you to change your homepage if you want to continue to use the product after 15 days trial. Or you may try Kingsoft's antiarp (http://www.duba.net/download/arp.shtml).

I heard they both did well in ARP attack tests.

-{ Quote: "This should only be possible if someone gains access to the wireless network right?" }-
yes, it's only possible once you gain access to the network.

-{ Quote: "So far as I know,none of those brand name firewalls can stop heavy ARP attacks. We already have had a lot of discussion about this topic in WSF.

There are some Anti-arp tools which are designed to fight ARP attack only though. You may try antiarp (http://www.antiarp.com/news_25.html),but it requests you to change your homepage if you want to continue to use the product after 15 days trial. Or you may try Kingsoft's antiarp (http://www.duba.net/download/arp.shtml).

I heard they both did well in ARP attack tests." }-
Thank you for the info.

Alright thanks rOadToIS!

-{ Quote: "This should only be possible if someone gains access to the wireless network right?" }- Yes, or take control of your ISP ;D

-{ Quote: "Yes, or take control of your ISP ;D" }-

Now I'm really worried! My ISP are run by morons!;D

-{ Quote: "Now I'm really worried! My ISP are run by morons!;D" }- Mhuhuuaah, you are owned :lurking:

-{ Quote: "Now I'm really worried! My ISP are run by morons!;D" }-

hell i know my ISP is run by morons... but the customer support is nice at least ;D but they havent been taken over (yet...) :)

-{ Quote: "So far as I know,none of those brand name firewalls can stop heavy ARP attacks. We already have had a lot of discussion about this topic in WSF.

There are some Anti-arp tools which are designed to fight ARP attack only though. You may try antiarp (http://www.antiarp.com/news_25.html),but it requests you to change your homepage if you want to continue to use the product after 15 days trial. Or you may try Kingsoft's antiarp (http://www.duba.net/download/arp.shtml).

I heard they both did well in ARP attack tests." }-


-{ Quote: "So far as I know,none of those brand name firewalls can stop heavy ARP attacks" }-

I use another brand name FW, and it does offer protection against ARP attacks.

I would want to see independent testing results from someone like Stem before accepting that ZA or any main line FW doesn't protect against ARP attacks.

In the meantime can you provide links to your test results?