Lan 6 popular arpfirewall ultimate test

ARP is the abbreviation of Address Resolution Protocol. In the LAN, the actual transmission is frame, and the frame contains the MAC address of the target host. In Ethernet, to directly communicate with another host, you must know the MAC address of the target host. But how can I obtain the target MAC address? It is obtained through the Address Resolution Protocol. The so-called "Address Resolution" refers to the process in which the host converts the target IP address to the target MAC address before sending the frame. The basic function of ARP is to query the MAC address of the target device through the IP address of the target device to ensure smooth communication.

Evaluation Software

Click to directly access the firewall Evaluation page

360 security guard arpfirewall 2
Jinshan arpfirewall 1.2
Rising firewall Personal Edition 2008
CHX-I V3
Arpfirewall Personal Edition 5.0.1 (ANTIARP)
Yundun firewall 1.27 BETA2

ARP attack software

P2P Terminator 3.6 (he was chosen because he is free of charge and has good performance. The operation is simple and suitable for all groups of users. He should be among the top users in ARP attack software)

Test Environment

China Telecom 1 m adsl, a router, a local machine, a small LAN consisting of two virtual machines (in the bridge mode), this test is mainly carried out in virtual machines!
Use thunder to check out the software for downloading the speed test.
In order to avoid the speed of different video resources, only Nagano Legend 2 is used for each test.

Virtual Machine System

Network speed without ARP Spoofing

No defense against the network speed when ARP spoofing occurs

All ARP Spoofing rules are

In the following example, the attacker machine is called A and the attacker is called B.

360 security guard arpfirewall

System Requirements: free of charge, but 360 security guard must be installed, otherwise installation is not allowed

Restart After installation is complete.

Interface and settings

Resource usage

Test Results

The P2P Terminator on the attacker can detect the local host and impose ARP spoofing speed limits on it. It finds that the firewall can intercept, but the speed is still limited. The firewall intercepts 336 attacks within one minute.

Jinshan arpfirewall

Authorization method: free version
Supported systems: 2 K/XP/VISTA

Interface and settings

Test Results

Kingsoft sets the security mode. The P2P terminator of Kingsoft cannot find the client. However, if the P2P Terminator is enabled before Kingsoft arpfirewall is started, B will still be detected.
In addition, if server A detects server B for the first time, it does not detect server B for the next time. If the IP address of server B still exists in the P2P attack list, even if Server B is not detected, it will send ARP spoofing like server B by default.
Test Kingsoft detected 1547 attacks within one minute. ARP spoofing speed limit has little impact on machine B.
The result is as follows: