D-Link DES-3528 User Manual page 264

xStack DES-3528 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual
Ethernet Header
Destination Source
address address
(6-byte) (6-byte)
FF-FF-FF-FF-FF-FF 00-20-5C-01-11-11
Table-5
A common DoS attack today can be done by associating a nonexistent or specified MAC address to the IP address of
the network's default gateway. The malicious attacker only needs to broadcast ONE Gratuitous ARP to the network
claiming it is the gateway so that the whole network operation will be turned down as all packets to the Internet will be
directed to the wrong node.
Likewise, the attacker can either choose to forward the traffic to the actual default gateway (passive sniffing) or modify
the data before forwarding it (man-in-the-middle attack). The hacker cheats the victim's PC to think that it is a router
and cheats the router to think it is the victim. As can be seen in Figure-5 all traffic will be then sniffed by the hacker but
the users will not notice anything happening.
Ethernet H/W type Protocol
type type
(2-byte) (2-byte) (2-byte)
806
Gratuitous ARP
H/W Protocol Operation
address address
length length
(1-byte) (1-byte) (2-byte)
ARP reply
Figure-5
248
Sender H/W Sender Target H/W
address protocol
address
(6-byte) (4-byte)
00-20-5C-01-11-11 10.10.10.254 00-20-5C-01-11-11
Target
address protocol
address
(6-byte) (4-byte)
10.10.10.254