23 arp attack defense configuration, Arp detection, Introduction to arp detection – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 167: Man-in-the-middle attack, Arp attack defense configuration

Advertising
background image

23-1

23

ARP Attack Defense Configuration

Support of the H3C WX series access controllers for features may vary by device model. For more

information, see "Feature Matrixes" in Compatibility Matrixes.

The sample output in this manual was created on the WX5004. The output on your device may

vary.

The grayed out functions or parameters on the Web interface indicate that they are not supported

or cannot be modified.

The models listed in this manual are not applicable to all regions. Please consult your local sales

office for the models applicable to your region.

Although ARP is easy to implement, it provides no security mechanism and thus is prone to network

attacks. Currently, ARP attacks and viruses are threatening LAN security. The device can provide

multiple features to detect and prevent such attacks. This chapter mainly introduces these features.

ARP Detection

Introduction to ARP Detection

The ARP detection feature allows only the ARP packets of authorized clients to be forwarded, hence

preventing man-in-the-middle attacks.

Man-in-the-middle attack

According to the ARP design, after receiving an ARP reply, a host adds the IP-to-MAC mapping of the

sender to its ARP mapping table. This design reduces the ARP traffic on the network, but also makes

ARP spoofing possible.

As shown in

Figure 23-1

, Host A communicates with Host C through a device. After intercepting the

traffic between Host A and Host C, a hacker (Host B) forwards forged ARP replies to Host A and Host C

respectively. Upon receiving the ARP replies, the two hosts update the MAC address corresponding to

the peer IP address in their ARP tables with the MAC address of Host B (MAC_B). After that, Host B

establishes independent connections with Host A and Host C and relays messages between them,

deceiving them into believing that they are talking directly to each other over a private connection, while

the entire conversation is actually controlled by Host B. Host B may intercept and modify the

communication data. Such an attack is called a man-in-the-middle attack.

Advertising
This manual is related to the following products:

H3C WX5000 Series Access Controllers, H3C WX3000 Series Unified Switches, H3C LSWM1WCM10 Access Controller Module, H3C LSWM1WCM20 Access Controller Module, H3C LSQM1WCMB0 Access Controller Module, H3C LSRM1WCM2A1 Access Controller Module, H3C LSBM1WCM2A0 Access Controller Module

Popular Brands
Popular manuals