1. Manuals
  2. Brands
  3. Allied Telesis Manuals
  4. Switch
  5. Layer 3 Switches
  6. Network manual

Identifying The User; Ip Spoofing And Tracking - Allied Telesis Layer 3 Switches Network Manual

Managed layer 3 switches
Hide thumbs
Table of Contents

Advertisement

Identifying the user

This section describes methods for authorising and tracking users and preventing them from
changing their identity on the network.

IP spoofing and tracking

Unknown users who attempt to change IP address—to circumvent billing or to hide their
identity—can be a problem for administrators.
Changing IP address for malicious reasons is most commonly called IP spoofing, and is also
known as ARP spoofing, ARP poisoning, and ARP poison routing (APR). The net result is the
same for all of these: the victim ends up with false information in its ARP table.
The trouble with ARP
IP Spoofing takes advantage of the inherently insecure design of ARP. In an Ethernet network,
a client may use a Gratuitous ARP (GARP), or merely send an ARP request or reply with
false information, to announce a phoney identity to the local subnet.
A phoney announcement may be made in a number of ways for a number of reasons. The
following table briefly explains these factors.
If the ARP or GARP packet contains...
MAC that does not exist on network and
IP address that does not exist on network
MAC that is owned by attacker and
IP address that does not exist on network
MAC that is owned by attacker and
IP address that is owned by another host
MAC that is owned by attacker and
IP address that is owned by the subnet router
MAC does not exist on network and
IP address that exists on network
The techniques for protecting the network are the same for all these phoney
announcements: reject gratuitous ARPs, and control access to ports with DHCP snooping
and ARP security. The following sections describe these solutions in detail.
Create A Secure Network With Allied Telesis Managed Layer 3 Switches
Then...
the attacker may be trying to fill up the IP ARP table
so that the subnet's router cannot learn more
addresses. As a result, return (routed) traffic may
not be forwarded.
the attacker is using an IP address that the
administrator has not assigned and so may be trying
to avoid traceability.
the attacker is trying to intercept traffic destined for
this host.
the attacker is trying to intercept all traffic leaving
the subnet.
the attacker is trying to cause traffic to this IP
address to flood to all hosts in the subnet. However,
hosts disregard the flooded traffic because it is not
addressed with any host's MAC address. This means
that the attacker receives the traffic and its intended
recipient ignores it.
Identifying the user
14
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for Allied Telesis Layer 3 Switches

Related Content for Allied Telesis Layer 3 Switches

This manual is also suitable for:

At-8600At-8700xlAt-8800Rapier iSwitchbladeAt-9800 ... Show all

Table of Contents

Save Article as PDF