06-26-2014 07:02 AM - edited 03-03-2019 07:28 AM
Why do we use the "no ip gratuitous arp" command in routers?
06-27-2014 09:59 AM
Hello saravanavel105,
This is considered a security vulnerability because basically you are giving out free information in the network which could be eavesdropped by an unauthorized attacker or an intruder, even though the purpose might be useful for certain scenarios. Here are some snippets from different links to understand what gratuitous ARP is, so you can draw your own conclusions:
"A gratuitous ARP is basically an ARP response that never had a request for it and is how most ARP spoofing programs work.
Normally you send an ARP request and wait for the ARP response. A gratuitous ARP is when you just send your details even though there was no request. These can happen legitimately when, say, your IP or MAC address changes, so you can update the ARP tables of other hosts."
http://security.stackexchange.com/questions/41924/wireshark-gratuitous-arp
ARP is designed to map IP addresses to MAC addresses. It was also, like most protocols still used in IP networking today, designed at a time when everyone on a network was supposed to be reasonably trustworthy. As a result, the protocol is designed around efficiently executing its task, with no provisions for dealing with malicious use. At a basic level, the protocol works by broadcasting a packet requesting the MAC address that owns a particular IP address. All devices on a LAN will see the request, but only the device that uses the IP address will respond.
From a security standpoint, there is a major limitation in ARP. ARP has no notion of IP address ownership. This means any MAC address can masquerade as any IP address provided an attacker has the right software tool to execute the attack. Furthermore, there is a special type of ARP broadcast called a gratuitous ARP (gARP). A gARP message tells all hosts on a LAN, without having been asked, what its IP–MAC binding is.
http://www.ciscopress.com/articles/article.asp?p=174313&seqNum=2
Regards,
Davy "Tico" Jones
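A defender's view of the gratuitous ARP behaviour described in the answer above, as an added example that is not part of the original post or of any Cisco tool: it parses raw ARP payloads, treats a packet as gratuitous when its sender IP equals its target IP, and reports when such a packet changes an IP–MAC binding that was already seen. The function names and the sample packets (documentation addresses, made-up MACs) are constructed for illustration.

```python
import struct
from collections import namedtuple

# op: 1 = request, 2 = reply; sha/spa: sender MAC/IP; tpa: target IP
Arp = namedtuple("Arp", "op sha spa tpa")

def parse_arp(payload: bytes) -> Arp:
    """Parse a 28-byte Ethernet/IPv4 ARP payload (RFC 826 layout)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return Arp(op, sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa)))

def is_gratuitous(a: Arp) -> bool:
    # A gratuitous ARP announces the sender's own binding: sender IP == target IP.
    return a.spa == a.tpa

def audit(payloads):
    """Return (ip, old_mac, new_mac) for each gratuitous ARP that rebinds a known IP."""
    bindings, alerts = {}, []
    for p in payloads:
        a = parse_arp(p)
        old = bindings.get(a.spa)
        if is_gratuitous(a) and old is not None and old != a.sha:
            alerts.append((a.spa, old, a.sha))
        bindings[a.spa] = a.sha  # remember the most recent binding
    return alerts

def build(op, sha, spa, tpa):
    """Build a constructed sample payload (test data only, never sent)."""
    mac = bytes.fromhex(sha.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac + ip(spa) + bytes(6) + ip(tpa)

# Constructed sample traffic.
SAMPLE = [
    build(1, "02:00:00:00:00:01", "192.0.2.1", "192.0.2.1"),   # gateway announces itself
    build(1, "02:00:00:00:00:10", "192.0.2.10", "192.0.2.1"),  # ordinary request
    build(2, "02:00:00:00:00:66", "192.0.2.1", "192.0.2.1"),   # unsolicited rebind of gateway IP
]

if __name__ == "__main__":
    for ip, old, new in audit(SAMPLE):
        print(f"gratuitous ARP rebinds {ip}: {old} -> {new}")
```

A legitimate failover or NIC replacement produces the same alert, so the output is a prompt to check the change against known maintenance rather than proof of spoofing.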