How to prevent ARP spoof or Attack?

Suitable for: Routers, Wireless ADSL2+ Modem Routers, ADSL2+ Modem Routers, 300Mbps Wireless N Routers, 150Mbps Wireless N Routers, 54Mbps Wireless G Routers

In network the Address Resolution Protocol (ARP) is the standard protocol to be use to look for a MAC Address of host when only its IP Address is known. To achieve ARP spoof, IP Address or MAC Address will be modified, it will be a large threat  for transmitting data normally.
 
From the way of affecting network connection, there are two possible ARP attacks, one is cheating computers and other is one cheating router. Of course, the two attacks may occur at the same time. Anyhow, once there is ARP spoof in network, the data transmitted between router and computers will be sent to wrong MAC Address and the connection can’t establish successfully.
 
How do we prevent ARP spoof? According to the two cheat ways, we have to prevent ARP spoof both on computer and router.
 
What do I need to prepare before preventing ARP spoof?
When you enable ARP spoof preventing function (MAC Address & IP Address binding) on TP-LINK Router, you’d better do not obtain IP Address dynamically on your computers, because it will obtain different IP Address with the one in MAC Address & IP Address binding entry. Please set static TCP/IP properties on your computer.
 
Step 1
Assign static TCP/IP properties on your computer manually. Please go to our website and check configuration for How to configure TCP/IP Properties of my computer .
 
Step 2
Disable DHCP Server on the router after you login the Web-based Utility of it.
(1)     Click DHCP-DHCP Settings on the left page.
(2)     Check Disable item for DHCP Server.
 
 
(3)     Click Save button to save settings.
 
How to set the router to prevent ARP spoof?
Step 1
Open the web browser and type the LAN IP address of the router in the address field, the default IP address of TP-LINK router is 192.168.1.1/192.168.0.1, and then press Enter.
 
 
Step 2
Type the username and password in the login page, the default username and password both are admin.
 
Step 3
Click IP & MAC Binding->Binding setting on the left page.
 
Step 4
Select Enable ARP Binding, and click Save.
 
Step 5
Click ARP List on the left page, you can see ARP table the router learns.
 
If you can confirm the ARP table is correct, please click Load Add and Bind All, then all IP Address and MAC Address of your computers showed on the ARP table will be binded.
 
But if you can’t confirm the ARP table is correct, please add IP Address and MAC Address of your computers manually.
(1) Click Add New to set IP & MAC Bingding.
 
(2) Enable Bind, and type the MAC Address and IP Address of your computer.
 
You should know the MAC address of the computers which you would like to allow them to access the Internet. You can view them on the computers with command prompt.
(1)Click Start->Run, type cmd and press Enter.
 
(2) Type ipconfig/all at the prompt window, press Enter, it will show the MAC address and other address information of this computer.
 
Step 6
Click Save to save the settings.
 
How to set on computer to prevent ARP spoof?
At first you should know MAC Address of the router, you can view the information on LAN
 
Status after you login Web-based Utility.
 
ARP command program is built-in on Microsoft Operation System, we can use it on prompt command.
 
Step 1
Click Start->Run, type cmd and press Enter.
 
Step 2
Type arp –s 192.168.1.1 00-19-e0-fa-5b-2b on the window and press Enter.
192.168.1.1 is IP Address of router and 00-19-e0-fa-5b-2b is MAC Address of router. Then type arp –a on the window, we can view the type of entry we add is Static.
 
Now, we have added static arp binding entry on computer then the data to router won’t be sent to wrong place. But we will find the entry will disappear after rebooting computer and we need to re-type the command.
 
How can we do to make it running automatically without typing command manually every time?
 

Step 1

We need to create a batch file with extension name which is .bat, such as static_arp.bat, and edit it. Please type ARP command on it to bind IP Address and MAC Address of the router on your computer, then save it.
 
Step 2
Then click Start->All Programs, double click Startup, locate the batch file static_arp.bat in the folder.
 
After doing this, it will run arp command automatically when rebooting the computer every time.