D-Link DGS-3200 Series User Manual page 246

Layer 2 gigabit ethernet managed switch

Hide thumbs Also See for DGS-3200 Series:

Cli manual (443 pages)

Hardware installation manual (79 pages)

Reference manual (321 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

page of 287

/ 287
Contents
Table of Contents
Bookmarks

Table of Contents

How ARP Spoofing Attacks a Network

ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data

frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service – DoS attack). The principle of

ARP spoofing is to send the fake, or spoofed ARP messages to an Ethernet network. Generally, the aim is to associate the

attacker's or random MAC address with the IP address of another node (such as the default gateway). Any traffic meant for that IP

address would be mistakenly re-directed to the node specified by the attacker.

IP spoofing attack is caused by Gratuitous ARP that occurs when a host sends an ARP request to resolve its own IP address.

Figure-4 shows a hacker within a LAN to initiate ARP spoofing attack.

Figure-4

In the Gratuitous ARP packet, the "Sender protocol address" and "Target protocol address" are filled with the same source IP

address itself. The "Sender H/W Address" and "Target H/W address" are filled with the same source MAC address itself. The

destination MAC address is the Ethernet broadcast address (FF-FF-FF-FF-FF-FF). All nodes within the network will immediately

update their own ARP table in accordance with the sender's MAC and IP address. The format of Gratuitous ARP is shown in the

following table

Table-5

Ethernet Header

Destination

Source address Ethernet

address

(6-byte)

FF-FF-FF-FF-FF-FF

00-20-5C-01-11-11

A common DoS attack today can be done by associating a nonexistent or any specified MAC address to the IP address of the

network's default gateway. The malicious attacker only needs to broadcast ONE Gratuitous ARP to the network claiming it is the

gateway so that the whole network operation will be turned down as all packets to the Internet will be directed to the wrong node.

Likewise, the attacker can either choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data

before forwarding it (man-in-the-middle attack). The hacker cheats the victim PC that it is a router and cheats the router that it is

the victim. As can be seen in Figure-5 all traffic will be then sniffed by the hacker but the users will not discover.

DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch

H/W type

Protocol

type

(2-byte)

806

Gratuitous ARP

H/W

Protocol

Operation

address

length

(1-byte)

(2-byte)

ARP reply

232

Sender

H/W

Sender

Target

address

protocol

address

(6-byte)

(4-byte)

(6-byte)

00-20-5C-01-11-11

10.10.10.254

00-20-5C-01-11-11

H/W

Target

protocol

address

(4-byte)

10.10.10.254

Table of Contents

D-Link DGS-3200 Series User Manual page 246

Related Manuals for D-Link DGS-3200 Series

Related Products for D-Link DGS-3200 Series

Table of Contents