Comodo question!

Discussion in 'other firewalls' started by ratchet, Jun 11, 2011.

Thread Status:
Not open for further replies.
  1. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,912
    My history: years and years ago, like maybe even more than 10, this old guy paid for Zone Alarm. Then for another number of years I used Comodo. By then I was starting to get a better feel for all of this PC stuff. Then a few years ago, OA free and then they offered a free license for their paid version which I used for a while. Never felt like it did a very good job of remembering "Allowed" items. Also tried PCTools for a while. Recently I've been using PrivateFirewall, which has brought me back to Comodo, since Zemana flunks its own keylogging test with PF installed. I never really ever had any issues with CFW other than when I used D+ with it, it could get annoying. I've just installed the base firewall and have enabled default "medium" settings and stealth ports. Should I enable "Protect the ARP Cache"? I am behind a router by the way! Thank you!
     
  2. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    That option is only useful in large networks.
    Home user doesn't need to worry about that.
     
  3. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Then, No worries...:cool:
     
  4. Circe

    Circe Registered Member

    Joined:
    May 10, 2011
    Posts:
    138
    Location:
    Cheshire, England
    Protect the ARP Cache - Checking this option makes Comodo Firewall to start performing stateful inspection of ARP (Address Resolution Protocol) connections. This blocks spoof ARP requests and protects your computer from ARP cache poisoning attacks.
    The ARP Cache (or ARP Table) is a record of IP addresses stored on your computer that is used to map IP addresses to MAC addresses. Stateful inspection involves the analysis of data within the lowest levels of the protocol stack and comparing the current session to previous ones in order to detect suspicious activity.

    Background - Every device on a network has two addresses: a MAC (Media Access Control) address and an IP (Internet Protocol) address. The MAC address is the address of the physical network interface card inside the device, and never changes for the life of the device (in other words, the network card inside your PC has a hard coded MAC address that it keeps even if you install it in a different machine.) On the other hand, the IP address can change if the machine moves to another part of the network or the network uses DHCP to assign dynamic IP addresses. In order to correctly route a packet of data from a host to the destination network card it is essential to maintain a record of the correlation between a device's IP address and it's MAC address. The Address Resolution Protocol performs this function by matching an IP address to its appropriate MAC address (and vice versa). The ARP cache is a record of all the IP and MAC addresses that your computer has matched together.

    Hackers can potentially alter a computer's ARP cache of matching IP/MAC address pairs to launch a variety of attacks including, Denial of Service attacks, Man in the Middle attacks and MAC address flooding and ARP request spoofing. It should be noted, that a successful ARP attack is almost always dependent on the hacker having physical access to your network or direct control of a machine on your network - therefore this setting is of more relevance to network administrators than home users.


    Source: http://help.comodo.com/topic-72-1-155-1175-Advanced-Settings.html
     
  5. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    The ARP cache is situated in the ram.
     
Loading...
Thread Status:
Not open for further replies.