1
1 ARP and IP Attack Defense Configuration
ARP Packet Filtering Based on Gateway’s Address
Introduction
According to the ARP design, after receiving an ARP packet with the target IP address being that of the
receiving interface, a device adds the IP-to-MAC mapping of the sender into its ARP mapping table
even if the MAC address is not requested by itself. This can reduce the ARP traffic in the network, but it
also makes ARP spoofing possible.
The most common ARP attack on campus networks is the gateway spoofing attack. An attacker sends
an ARP packet with the gateway’s IP address and a fake MAC address, and then a receiving host
updates the IP-to-MAC binding of the gateway. As a result, the traffic sent from the host to the gateway
will be redirected to the fake MAC address, and the client will be unable to access the external network.
Figure 1-1 Gateway spoofing attack
To prevent gateway spoofing attacks, S3100-EI series Ethernet switches can filter ARP packets based
on the gateway’s address.
1) You can bind the gateway’s IP address to the downstream port (directly connected to hosts) of the
switch. After that, the port will discard ARP packets with the gateway’s IP address as the sender IP
address, and permit other ARP packets to pass.
2) You can also bind the IP and MAC addresses of the gateway to the cascaded port or upstream port
of the access switch. After that, the port will discard ARP packets with the sender IP address as the
gateway’s IP address but with the sender MAC address different from the gateway’s MAC address,
and permit other ARP packets to pass.
Configuring ARP Packet Filtering
To Next Page
Loading...
Need help?
General