Arp Inspection - TP-Link T3700G-52TQ User Manual

Rate Limit:
Circuit ID Customization:
Circuit ID:
LAG:

14.3 ARP Inspection

Since ARP protocol is implemented with the premise that all the Hosts and Gateways are
trusted, there are high security risks during ARP Implementation Procedure in the actual
complex network. Thus, the cheating attacks against ARP, such as imitating Gateway, cheating
Gateway, cheating terminal Hosts and ARP Flooding Attack, frequently occur to the network,
especially to the large network such as campus network and so on. The following part will
simply introduce these ARP attacks.
Imitating Gateway

The attacker sends the MAC address of a forged Gateway to Host, and then the Host will
automatically update the ARP table after receiving the ARP response packets, which causes
that the Host cannot access the network normally. The ARP Attack implemented by imitating
Gateway is illustrated in the following figure.
As the above figure shown, the attacker sends the fake ARP packets with a forged Gateway
address to the normal Host, and then the Host will automatically update the ARP table after
receiving the ARP packets. When the Host tries to communicate with Gateway, the Host will
encapsulate this false destination MAC address for packets, which results in a breakdown of
the normal communication.
Cheating Gateway

The attacker sends the wrong IP address-to-MAC address mapping entries of Hosts to the
Gateway, which causes that the Gateway cannot communicate with the legal terminal Hosts
Select the value to specify the maximum amount of DHCP
messages that can be forwarded by the switch of this port
per second. The excessive DHCP packets will be discarded.
Enable or Disable the switch to define Circuit ID.
Enter the sub-option Circuit ID for the customized Option 82.
Displays the LAG to which the port belongs to.
Figure 14-10 ARP Attack - Imitating Gateway
342