xStack
®
DGS-3120 Series Managed Switch CLI Reference Guide
777
Denial of
Service – DoS
attack).
Figure 4
The principle of ARP spoofing is to send the fake, or spoofed ARP messages to an Ethernet
network. Generally, the aim is to associate the attacker's or random MAC address with the IP
address of another node (such as the default gateway). Any traffic meant for that IP address
would be mistakenly re-directed to the node specified by the attacker.
IP spoofing attack is caused by Gratuitous ARP that occurs when a host sends an ARP request
to resolve its own IP address. Figure-4 shows a hacker within a LAN to initiate ARP spoofing
attack.
In the Gratuitous ARP packet, the “Sender protocol address” and “Target protocol address” are
filled with the same source IP address itself. The “Sender H/W Address” and “Target H/W
address” are filled with the same source MAC address itself. The destination MAC address is the
Ethernet broadcast address (FF-FF-FF-FF-FF-FF). All nodes within the network will immediately
update their own ARP table in accordance with the sender’s MAC and IP address. The format of
Gratuitous ARP is shown in the following table.
A common DoS
attack today can
be done by
associating a
nonexistent or
any specified
MAC address to
the IP address of
the network’s
default gateway.
Figure 5
The malicious attacker only needs to broadcast one Gratuitous ARP to the network claiming it is
the gateway so that the whole network operation will be turned down as all packets to the
Internet will be directed to the wrong node.
Likewise, the attacker can either choose to forward the traffic to the actual default gateway
(passive sniffing) or modify the data before forwarding it (man-in-the-middle attack).