Table of Contents
Advertisement
H3C Low-End Ethernet Switches Configuration Examples
ARP Attack Prevention
Attacker
Figure 1-1 Gateway spoofing attack
2)
Spoofing gateway attack
In the following figure, an attacker sends an ARP packet with a client's (Host A) IP
address on the same network and a fake MAC address to the gateway which then
updates the IP-to-MAC binding of the client. After that, traffic from the gateway to the
client is sent to the fake MAC address, and the client cannot access the external
network.
Host A s MAC
address has changed
Attacker
Figure 1-2 Spoofing gateway attack
3)
Spoofing terminal user attack
In the following figure, an attacker sends an ARP packet with Host A's IP address and a
fake MAC address to Host C which then updates the IP-to-MAC binding of Host A. After
that, traffic from Host C to Host A is sent to the fake MAC address, and thus unable to
reach Host A.
Gateway
Switch
Gateway s MAC
address has changed
Gateway
Switch
1-2
Chapter 1 ARP Attack Prevention Overview
Host A
Host A
Advertisement
Chapters
Table of Contents
