Configuring Firewall
3 Configuration Examples
3.1 Example for Anti ARP Spoofing
3.1.1 Network Requirements
In the diagram below, several hosts are connected to the network via a layer 2 switch, and the
router is the gateway of this network. Because an attacker may launch a series of ARP attacks,
the router must be configured to protect itself and the terminal hosts from them.
Figure 3-1 Network Topology
3.1.2 Configuration Scheme
The attacker can launch three types of ARP attacks: cheating gateway, imitating gateway
and cheating terminal hosts. The following section introduces the three ARP attacks and the
corresponding solutions.
Cheating Gateway
The cheating gateway attack is aimed at the router.
[Figure 3-1 Network Topology, diagram labels: Gateway (WAN and LAN ports, LAN IP 192.168.0.1), Layer 2 Switch, Host A (192.168.0.10), Host B (192.168.0.20), and Host C (Attacker).]