Prevent Arp Spoofing Via Packet Content Acl - D-Link DGS-3200 SERIES Cli Manual

Layer 2 gigabit ethernet managed switch

DGS-3200 Series Layer 2 Gigabit Managed Switch CLI Manual
A common DoS attack today associates a nonexistent or attacker-specified MAC address with the IP address
of the network's default gateway. The malicious attacker only needs to broadcast ONE Gratuitous ARP to the network
claiming to be the gateway, and the whole network's operation is brought down because all packets to the Internet are
directed to the wrong node.
Alternatively, the attacker can choose to forward the traffic to the actual default gateway (passive sniffing) or modify
the data before forwarding it (man-in-the-middle attack). The hacker deceives the victim PC into treating it as the router and
deceives the router into treating it as the victim. As can be seen in Figure-5, all traffic is then sniffed by the hacker without
the users noticing.
Figure-5

Prevent ARP Spoofing via Packet Content ACL

D-Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a unique
Packet Content ACL.
Because a basic ACL can only filter ARP packets based on packet type, VLAN ID, and source and destination
MAC information, further inspection of ARP packets is needed. To prevent ARP spoofing attacks, we
demonstrate here how to use a Packet Content ACL to block invalid ARP packets that contain a faked gateway MAC
and IP binding.
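
The payload check described above, written as an added Python example (not from the D-Link manual and not switch configuration): it inspects the ARP sender MAC and sender IP fields, which a basic ACL matching only on packet type, VLAN ID, and source/destination MAC never sees. The gateway IP and MAC, the sample frames, and the function names are constructed for illustration.

```python
import socket
import struct

# Constructed gateway binding for this example (assumption, not from the manual).
GATEWAY_IP = "192.168.0.1"
GATEWAY_MAC = "00:11:22:33:44:55"

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def build_arp(eth_src, sender_mac, sender_ip, target_ip, op=2, vlan=None):
    """Build a constructed broadcast Ethernet/ARP frame to feed the check."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    eth = mac("ff:ff:ff:ff:ff:ff") + mac(eth_src) + tag + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac(sender_mac) + socket.inet_aton(sender_ip)
    arp += bytes(6) + socket.inet_aton(target_ip)
    return eth + arp

def check_arp(frame, gw_ip=GATEWAY_IP, gw_mac=GATEWAY_MAC):
    """Return 'deny' for ARP that claims the gateway IP with another MAC."""
    if len(frame) < 14:
        return "permit"                      # too short to carry an EtherType
    off = 12
    (ethertype,) = struct.unpack_from("!H", frame, off)
    if ethertype == 0x8100:                  # skip one 802.1Q VLAN tag
        off += 4
        if len(frame) < off + 2:
            return "permit"
        (ethertype,) = struct.unpack_from("!H", frame, off)
    if ethertype != 0x0806:
        return "permit"                      # not ARP: this rule does not apply
    arp = frame[off + 2:]
    if len(arp) < 28:
        return "deny"                        # truncated ARP payload
    htype, ptype, hlen, plen, _op = struct.unpack_from("!HHBBH", arp)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return "permit"                      # not IPv4-over-Ethernet ARP
    sender_mac, sender_ip = arp[8:14], arp[14:18]
    if sender_ip == socket.inet_aton(gw_ip) and sender_mac != mac(gw_mac):
        return "deny"                        # forged gateway MAC/IP binding
    return "permit"

# Constructed sample frames.
HOST_MAC = "00:aa:bb:cc:dd:ee"
GENUINE = build_arp(GATEWAY_MAC, GATEWAY_MAC, GATEWAY_IP, GATEWAY_IP)
FORGED = build_arp(HOST_MAC, HOST_MAC, GATEWAY_IP, GATEWAY_IP)
HOST_REQ = build_arp(HOST_MAC, HOST_MAC, "192.168.0.50", GATEWAY_IP, op=1)
```

`check_arp(FORGED)` returns `deny` while `GENUINE` and `HOST_REQ` are permitted; the decision depends on bytes inside the ARP payload rather than on the Ethernet header.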