Chapter 12 prevent arp, nd spoofing configuration, 1 overview, 1 arp ( address resolution protocol) – Accton Technology ES4626 User Manual

352

Chapter 12 Prevent ARP, ND Spoofing
Configuration

12.1 Overview

12.1.1 ARP ( Address Resolution Protocol)

Generally speaking, ARP (RFC-826) protocol is mainly responsible of mapping IP

address to relevant 48-bit physical address, that is Mac address, for instance, IP address

is 192.168.0.1, network card Mac address is 00-03-0F-FD-1D-2B. What the whole

mapping process is that a host computer send broadcast data package involving IP

address information of destination host computer, ARP request, and then the destination

host computer send a data package involving its IP address and Mac address to the host,

so two host computers can exchange data by MAC address.

12.1.2 ARP Spoofing

In terms of ARP Protocol design, to reduce redundant ARP data communication on

networks, even though a host computer receives an ARP reply which is not requested by

itself, it will also insert an entry to its ARP cache table, so it creates a possibility of “ARP

spoofing”. If the hacker wants to snoop the communication between two host computers

in the same network (even if are connected by the switches), it sends an ARP reply

packet to two hosts separately, and make them misunderstand MAC address of the other

side as the hacker host MAC address. In this way, the direct communication is actually

communicated indirectly among the hacker host computer. The hackers not only obtain

communication information they need, but also only need to modify some information in

data packet and forward successfully. In this sniff way, the hacker host computer doesn’t

need to configure intermix mode of network card, that is because the data packet

between two communication sides are sent to hacker host computer on physical layer,

which works as a relay.

12.1.3 How to prevent void ARP/ND Spoofing for our Layer 3
Switch