SNR S2940-8G-v2 Switch Configuration Guide
Prevent ARP Spoofing Configuration
Chapter 31
Prevent ARP Spoofing Configuration
31.1 Overview
31.1.1 ARP (Address Resolution Protocol)
Generally speaking, ARP (RFC-826) protocol is mainly responsible of mapping IP address to rele-
vant 48-bit physical address, that is MAC address, for instance, IP address is 192.168.0.1, network
card Mac address is f8-f0-82-FD-1D-2B. What the whole mapping process is that a host computer
send broadcast data packet involving IP address information of destination host computer, ARP
request, and then the destination host computer send a data packet involving its IP address and
Mac address to the host, so two host computers can exchange data by MAC address.
31.1.2 ARP Spoofing
In terms of ARP Protocol design, to reduce redundant ARP data communication on networks,
even though a host computer receives an ARP reply which is not requested by itself, it will also
insert an entry to its ARP cache table, so it creates a possibility of 'ARP spoofing'. If the hacker
wants to snoop the communication between two host computers in the same network (even if are
connected by the switches), it sends an ARP reply packet to two hosts separately, and make them
misunderstand MAC address of the other side as the hacker host MAC address. In this way, the
direct communication is actually communicated indirectly among the hacker host computer. The
hackers not only obtain communication information they need, but also only need to modify some
information in data packet and forward successfully. In this sniff way, the hacker host computer
doesn't need to configure intermix mode of network card, that is because the data packet between
two communication sides are sent to hacker host computer on physical layer, which works as a
relay.
31.1.3 How to prevent void ARP Spoofing
There are many sniff, monitor and attack behaviors based on ARP protocol in networks, and most
of attack behaviors are based on ARP spoofing, so it is very important to prevent ARP spoofing.
ARP spoofing accesses normal network environment by counterfeiting legal IP address firstly, and
sends a great deal of counterfeited ARP application packets to switches, after switches learn these
packets, they will cover previously corrected IP, mapping of MAC address, and then some cor-
rected IP, MAC address mapping are modified to correspondence relationship configured by attack
211
To Next Page
Loading...
General