Why do we use the "no ip Gratuitous arp" command in routers?

saravanavel105
Level 1

Why do we use the "no ip Gratuitous arp" command in routers?

1 Accepted Solution

Accepted Solutions

davrojas
Level 3

Hello saravanavel105,
This is considered a security vulnerability because basically you are giving out free information on the network, which could be eavesdropped on by an unauthorized attacker or an intruder, even though the purpose might be useful for certain scenarios. Here are some snippets from different links to understand what gratuitous ARP is, so you can build your own conclusions:
"A gratuitous ARP is basically an ARP response that never had a request for it and is how most ARP spoofing programs work.

Normally you send an ARP request and wait for the ARP response. A gratuitous ARP is when you just send your details even though there was no request. These can happen legitimately when say your IP or MAC address change so you can update the ARP tables of other hosts."

http://security.stackexchange.com/questions/41924/wireshark-gratuitous-arp
ARP Considerations

ARP is designed to map IP addresses to MAC addresses. It was also, like most protocols still used in IP networking today, designed at a time when everyone on a network was supposed to be reasonably trustworthy. As a result, the protocol is designed around efficiently executing its task, with no provisions for dealing with malicious use. At a basic level, the protocol works by broadcasting a packet requesting the MAC address that owns a particular IP address. All devices on a LAN will see the request, but only the device that uses the IP address will respond.

From a security standpoint, there is a major limitation in ARP. ARP has no notion of IP address ownership. This means any MAC address can masquerade as any IP address provided an attacker has the right software tool to execute the attack. Furthermore, there is a special type of ARP broadcast called a gratuitous ARP (gARP). A gARP message tells all hosts on a LAN, without having been asked, what its IP–MAC binding is.
http://www.ciscopress.com/articles/article.asp?p=174313&seqNum=2
Regards,
Davy "Tico" Jones

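The answer above describes a gratuitous ARP as an unsolicited announcement of a host's own IP-to-MAC binding. The following added example (not part of the original post or of Cisco's documentation) parses raw ARP payloads, flags the gratuitous ones by the sender IP equalling the target IP, and reports when a later frame rewrites a binding already seen; the sample frames, MAC addresses and 192.0.2.0/24 addresses are constructed test data.

```python
# Added example: audit a stream of raw ARP payloads for gratuitous ARP and
# for IP-to-MAC bindings that change, as a monitor on a LAN segment would do.
import struct

ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(payload: bytes) -> dict:
    """Parse an Ethernet/IPv4 ARP payload (RFC 826 layout, 28 bytes)."""
    if len(payload) < 28:
        raise ValueError("ARP payload too short")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return {"op": oper, "sha": sha.hex(":"), "spa": ".".join(map(str, spa)),
            "tha": tha.hex(":"), "tpa": ".".join(map(str, tpa))}

def is_gratuitous(arp: dict) -> bool:
    """A gratuitous ARP announces the sender's own binding, so the sender
    IP equals the target IP; both request and reply forms occur."""
    return arp["spa"] == arp["tpa"]

def audit(frames):
    """Return (gratuitous_frames, binding_changes). The binding table records
    the MAC each IP last claimed, so a gARP that overrides it is surfaced."""
    bindings, gratuitous, changes = {}, [], []
    for raw in frames:
        arp = parse_arp(raw)
        if is_gratuitous(arp):
            gratuitous.append(arp)
        prev = bindings.get(arp["spa"])
        if prev is not None and prev != arp["sha"]:
            changes.append((arp["spa"], prev, arp["sha"]))
        bindings[arp["spa"]] = arp["sha"]
    return gratuitous, changes

def build_arp(op, sha, spa, tha, tpa) -> bytes:
    """Build a constructed ARP payload (used only to make the sample below)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

# Constructed sample: a normal request/reply for 192.0.2.1, then an
# unsolicited reply for 192.0.2.1 from a different MAC.
SAMPLE = [
    build_arp(ARP_REQUEST, "02:00:00:00:00:0a", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_arp(ARP_REPLY, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
    build_arp(ARP_REPLY, "02:00:00:00:00:ee", "192.0.2.1", "ff:ff:ff:ff:ff:ff", "192.0.2.1"),
]

if __name__ == "__main__":
    found, changed = audit(SAMPLE)
    print(len(found), "gratuitous frame(s); binding changes:", changed)
```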
