Chapter 16 Prevent Arp, Nd Spoofing Configuration; Overview; Arp ( Address Resolution Protocol); Arp Spoofing - Edge-Core ES4626 User Manual

Chapter 16 Prevent ARP, ND Spoofing
Configuration

16.1 Overview

16.1.1 ARP ( Address Resolution Protocol)

Generally speaking, ARP (RFC-826) protocol is mainly responsible of mapping IP
address to relevant 48-bit physical address, that is Mac address, for instance, IP address
is 192.168.0.1, network card Mac address is 00-03-0F-FD-1D-2B. What the whole
mapping process is that a host computer send broadcast data package involving IP
address information of destination host computer, ARP request, and then the destination
host computer send a data package involving its IP address and Mac address to the host,
so two host computers can exchange data by MAC address.

16.1.2 ARP Spoofing

In terms of ARP Protocol design, to reduce redundant ARP data communication on
networks, even though a host computer receives an ARP reply which is not requested by
itself, it will also insert an entry to its ARP cache table, so it creates a possibility of "ARP
spoofing". If the hacker wants to snoop the communication between two host computers
in the same network (even if are connected by the switches), it sends an ARP reply
packet to two hosts separately, and make them misunderstand MAC address of the other
side as the hacker host MAC address. In this way, the direct communication is actually
communicated indirectly among the hacker host computer. The hackers not only obtain
communication information they need, but also only need to modify some information in
data packet and forward successfully. In this sniff way, the hacker host computer doesn't
need to configure intermix mode of network card, that is because the data packet
between two communication sides are sent to hacker host computer on physical layer,
which works as a relay.
398