1. First, the attacker sends the false ARP response packets.
2. Upon receiving the ARP response packets, Host A and Host B update their own ARP tables.
3. When Host A communicates with Host B, it sends the packets to the false destination MAC address, i.e. to the attacker, according to the updated ARP table.
4. After receiving the communication packets between Host A and Host B, the attacker processes and forwards the packets to the correct destination MAC address, which makes Host A and Host B keep a normal-appearing communication.
5. The attacker continuously sends the false ARP packets to Host A and Host B so as to make the Hosts always maintain the wrong ARP table.
In the view of Host A and Host B, their packets are sent directly to each other. But in fact, a Man-In-The-Middle steals the packet information during the communication procedure. This kind of ARP attack is called a Man-In-The-Middle attack.
ARP Flooding Attack
The attacker broadcasts a mass of various fake ARP packets in a network segment to maliciously occupy the network bandwidth, which results in a dramatic slowdown of network speed. Meanwhile, the Gateway learns the false IP address-to-MAC address mapping entries from these ARP packets and updates its ARP table. As a result, the ARP table is fully occupied by the false entries and unable to learn the ARP entries of legal Hosts, so the legal Hosts cannot access the external network.
The IP-MAC Binding function allows the switch to bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together when the Host connects to the switch. Based on the predefined IP-MAC Binding entries, the ARP Inspection function detects the ARP packets and filters the illegal ARP packets so as to prevent the network from ARP attacks.
The ARP Inspection function is implemented on the ARP Detect, ARP Defend and ARP Statistics pages.
14.3.1 ARP Detect
The ARP Detect feature enables the switch to detect the ARP packets based on the bound entries in the IP-MAC Binding Table and filter the illegal ARP packets, so as to prevent the network from ARP attacks, such as the Network Gateway Spoofing and Man-In-The-Middle Attack.
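The following is an added example, not code from the manual or the switch firmware, that models the ARP Detect decision in Python: an ARP frame arriving on a given VLAN and port is forwarded only if its sender IP/MAC pair is bound to that same VLAN and port. The binding entries, host addresses and the build_arp helper are constructed for illustration.

```python
import struct

# Binding table learned when a host connects: (vlan_id, port) -> {(ip, mac), ...}.
# Entries below are constructed sample hosts, not taken from the manual.
BINDINGS = {
    (10, 1): {("192.168.1.10", "00:11:22:33:44:55")},  # Host A on port 1
    (10, 2): {("192.168.1.20", "66:77:88:99:aa:bb")},  # Host B on port 2
}

def _mac(s):
    return bytes.fromhex(s.replace(":", ""))

def _ip(s):
    return bytes(int(x) for x in s.split("."))

def build_arp(src_mac, sender_mac, sender_ip, target_mac, target_ip, op=2):
    """Build an untagged Ethernet+ARP frame (used here only to construct sample input)."""
    eth = _mac(target_mac) + _mac(src_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)
    return eth + arp

def parse_arp(frame):
    """Return the fields ARP Detect needs from an untagged Ethernet+ARP frame."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        raise ValueError("not an untagged ARP frame")
    hw, proto, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (hw, proto, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {
        "op": op,
        "src_mac": ":".join(f"{b:02x}" for b in frame[6:12]),
        "sender_mac": ":".join(f"{b:02x}" for b in frame[22:28]),
        "sender_ip": ".".join(str(b) for b in frame[28:32]),
    }

def arp_detect(frame, vlan_id, port, bindings=BINDINGS):
    """Return ("forward", "") or ("drop", reason) for an ARP frame on (vlan_id, port).

    A frame is legal only when its sender IP/MAC pair is bound to the very VLAN
    and port it arrived on, so a reply claiming Host B's IP from another port is dropped.
    """
    arp = parse_arp(frame)
    allowed = bindings.get((vlan_id, port), set())
    if (arp["sender_ip"], arp["sender_mac"]) not in allowed:
        return "drop", "sender IP/MAC pair not bound to this VLAN/port"
    if arp["src_mac"] != arp["sender_mac"]:
        return "drop", "Ethernet source MAC does not match ARP sender MAC"
    return "forward", ""
```

A real switch applies the same check per ingress port before the frame reaches the CPU or is flooded, so the forged reply never updates any host's ARP table.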