Reduce ARP caching time in Sun Solaris using ndd


ARP attacks are the easiest attacks that can be launched on a network or a Server causing a Denial of Service. One of those things that can be done on the Sun Solaris Operating System is to alter the caching time for the ARP cache whch reduces the time that a rogue ARP entry stays in the ARP table. While this is not fool proof but can certainly make it that extra difficult to the hacker.

The default time that ARP entries are cached in a Sun Solaris system is 5 mins.

However, this can be reduced to lower level (say 3mins). This means that the number of ARP requests and ARP replies to and from the server will increase as a result. So, before modifying the caching time, check if this can cause andy congestion on your network.

To set the ARP cache time period

solaris# ndd -set /dev/arp arp_cleanup_interval 180000

The above command sets the interval to 3 minutes (1min is equal to 60000ms). Now, all the ARP entries are flushed at a faster rate (every 3mins)

For this change to persist across reboots, add this command onto the init scripts in /etc/rc2.d directory for your network interface (where all the required ndd commands are run).

2 thoughts on “Reduce ARP caching time in Sun Solaris using ndd”

  1. root@mybox:~# ndd -set /dev/arp arp_cleanup_interval 180000
    name is non-existent for this module

  2. Dear Casey: please copy and paste below command:

    ndd -set /dev/arp arp_cleanup_interval 180000

    I think you are using ” ndd -get ” in place of “ndd -set”

    Regards,

Leave a Comment

Your email address will not be published. Required fields are marked *