Chapter 28 prevent arp spoofing configuration, 1 overview, 1 arp (address resolution protocol) – PLANET WGSW-52040 User Manual

Page 244: 2 arp spoofing, 3 how to prevent void arp spoofing, Chapter 28 prevent arp spoofing configuration -23, Verview, 1 arp (address resolution protocol) -23, 2 arp spoofing -23, 3 how to prevent void arp spoofing -23

Advertising
background image

Chapter 28 Prevent ARP Spoofing

Configuration

28.1 Overview

28.1.1 ARP (Address Resolution Protocol)

Generally speaking, ARP (RFC-826) protocol is mainly responsible of mapping IP address to

relevant 48-bit physical address, that is MAC address, for instance, IP address is 192.168.0.1,

network card Mac address is 00-30-4F-FD-1D-2B. What the whole mapping process is that a

host computer send broadcast data packet involving IP address information of destination host

computer, ARP request, and then the destination host computer send a data packet involving

its IP address and Mac address to the host, so two host computers can exchange data by

MAC address.

28.1.2 ARP Spoofing

In terms of ARP Protocol design, to reduce redundant ARP data communication on networks,

even though a host computer receives an ARP reply which is not requested by itself, it will also

insert an entry to its ARP cache table, so it creates a possibility of “ARP spoofing”. If the hacker

wants to snoop the communication between two host computers in the same network (even if

are connected by the switches), it sends an ARP reply packet to two hosts separately, and

make them misunderstand MAC address of the other side as the hacker host MAC address. In

this way, the direct communication is actually communicated indirectly among the hacker host

computer. The hackers not only obtain communication information they need, but also only

need to modify some information in data packet and forward successfully. In this sniff way, the

hacker host computer doesn’t need to configure intermix mode of network card, that is

because the data packet between two communication sides are sent to hacker host computer

on physical layer, which works as a relay.

28.1.3 How to prevent void ARP Spoofing

There are many sniff, monitor and attack behaviors based on ARP protocol in networks, and

most of attack behaviors are based on ARP spoofing, so it is very important to prevent ARP

28-23

Advertising
Popular Brands
Popular manuals