Prevent Arp Spoofing Via Packet Content Acl - D-Link DGS-3427 - xStack Switch - Stackable Product Manual
Layer 2 managed gigabit ethernet switch
Hide thumbs
Also See for DGS-3427 - xStack Switch - Stackable:
- User manual (246 pages) ,
- Specifications (5 pages) ,
- Reference manual (629 pages)
Table of Contents
Advertisement
®
x Stack
DGS-3400 Series Layer 2 Gigabit Ethernet M anaged Sw itch
A common DoS attack today can be done by associating a nonexistent or any specified MAC address to the IP address of the
network's default gateway. The malicious attacker only needs to broadcast one Gratuitous ARP to the network claiming it is the
gateway so that the whole network operation will be turned down as all packets to the Internet will be directed to the wrong node.
Likewise, the attacker can either choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data
before forwarding it (man-in-the-middle attack). The hacker cheats the victim PC that it is a router and cheats the router that it is
the victim. As can be seen in Figure 5 all traffic will be then sniffed by the hacker but the users will not discover.
Figure 5
Prevent ARP Spoofing via Packet Content ACL
D-Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a unique Package Content
ACL.
For the reason that basic ACL can only filter ARP packets based on packet type, VLAN ID, Source, and Destination MAC
information, there is a need for further inspections of ARP packets. To prevent ARP spoofing attack, we will demonstrate here via
using Packet Content ACL on the Switch to block the invalid ARP packets which contain faked gateway's MAC and IP binding.
394
Hide quick links:
Advertisement
Table of Contents
