Home » D-Link Manuals » Hubs & Switches » D-Link DGS-3120-24TC » Manual Viewer

D-Link DGS-3120-24TC Product Manual - Page 323

How ARP Spoofing Attacks a Network

View all D-Link DGS-3120-24TC manuals

Add to My Manuals
Save this manual to your list of manuals

Page 323 highlights

xStack® DGS-3120 Series Managed Switch Web UI Reference Guide The switch will also examine the "Source Address" of the Ethernet frame and find that the address is not in the Forwarding Table. The switch will learn PC B's MAC and update its Forwarding Table. How ARP Spoofing Attacks a Network ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service - DoS attack). The principle of ARP spoofing is to send the fake, or spoofed ARP messages to an Ethernet network. Generally, the aim is to associate the attacker's or random MAC address with the IP address of another node (such as the default gateway). Any traffic meant for that IP address would be mistakenly redirected to the node specified by the attacker. Figure 4 IP spoofing attack is caused by Gratuitous ARP that occurs when a host sends an ARP request to resolve its own IP address. Figure-4 shows a hacker within a LAN to initiate ARP spoofing attack. In the Gratuitous ARP packet, the "Sender protocol address" and "Target protocol address" are filled with the same source IP address itself. The "Sender H/W Address" and "Target H/W address" are filled with the same source MAC address itself. The destination MAC address is the Ethernet broadcast address (FF-FF-FF-FF-FFFF). All nodes within the network will immediately update their own ARP table in accordance with the sender's MAC and IP address. The format of Gratuitous ARP is shown in the following table. 315

Section	Page
Intended Readers	9
Typographical Conventions	9
Notes, Notices and Cautions	9
Chapter 1 Web-based Switch Configuration	10
Introduction	10
Login to the Web Manager	10
Web-based User Interface	10
Areas of the User Interface	11
Web Pages	12
Chapter 2 System Configuration	13
Device Information	13
System Information Settings	14
Port Configuration	15
Port Settings	15
Port Description Settings	16
Port Error Disabled	17
Jumbo Frame Settings	17
PoE	18
PoE System Settings	18
PoE Port Settings	19
Serial Port Settings	21
Warning Temperature Settings	21
System Log configuration	22
System Log Settings	22
System Log Server Settings	23
System Log	24
System Log & Trap Settings	24
System Severity Settings	25
Time Range Settings	26
Port Group Settings (EI Mode Only)	26
Time Settings	27
User Accounts Settings	27
Command Logging Settings	29
Stacking	29
Stacking Device Table	31
Stacking Mode Settings	31
Chapter 3 Management	33
ARP	33
Static ARP Settings	33
Proxy ARP Settings (EI Mode Only)	34
ARP Table	34
Gratuitous ARP	35
Gratuitous ARP Global Settings	35
Gratuitous ARP Settings	35
IPv6 Neighbor Settings (EI Mode Only)	36
IP Interface	37
System IP Address Settings	37
Interface Settings	38
Management Settings	41
Session Table	42
Single IP Management	43
Single IP Settings	45
Topology	45
Firmware Upgrade	51
Configuration File Backup/Restore	52
Upload Log File	52
SNMP Settings	52
SNMP Global Settings	53
SNMP Traps Settings	54
SNMP Linkchange Traps Settings	54
SNMP View Table Settings	55
SNMP Community Table Settings	56
SNMP Group Table Settings	57
SNMP Engine ID Settings	58
SNMP User Table Settings	59
SNMP Host Table Settings	60
SNMPv6 Host Table Settings (EI Mode Only)	61
RMON Settings	61
Telnet Settings	62
Web Settings	62
Chapter 4 L2 Features	63
VLAN	63
802.1Q VLAN Settings	68
802.1v Protocol VLAN	71
802.1v Protocol Group Settings	71
802.1v Protocol VLAN Settings	72
Asymmetric VLAN Settings	73
GVRP	73
GVRP Global Settings	73
GVRP Port Settings	74
MAC-based VLAN Settings	75
Private VLAN Settings	75
PVID Auto Assign Settings	77
Voice VLAN	77
Voice VLAN Global Settings	77
Voice VLAN Port Settings	78
Voice VLAN OUI Settings	79
Voice VLAN Device	79
VLAN Trunk Settings	80
Browse VLAN	80
Show VLAN Ports	81
QinQ (EI Mode Only)	81
QinQ Settings	83
VLAN Translation Settings	84
Spanning Tree	85
STP Bridge Global Settings	86
STP Port Settings	88
MST Configuration Identification	89
STP Instance Settings	90
MSTP Port Information	91
Link Aggregation	91
Port Trunking Settings	93
LACP Port Settings	93
FDB	95
Static FDB Settings	95
Unicast Static FDB Settings	95
Multicast Static FDB Settings	95
MAC Notification Settings	96
MAC Address Aging Time Settings	97
MAC Address Table	98
ARP & FDB Table	98
L2 Multicast Control	99
IGMP Snooping	99
IGMP Snooping Settings	99
IGMP Snooping Rate Limit Settings	102
IGMP Snooping Static Group Settings	103
IGMP Router Port	104
IGMP Snooping Group	104
IGMP Snooping Forwarding Table	105
IGMP Snooping Counter	106
MLD Snooping	107
MLD Snooping Settings	108
MLD Snooping Rate Limit Settings	110
MLD Snooping Static Group Settings	110
MLD Router Port	111
MLD Snooping Group	112
MLD Snooping Forwarding Table	113
MLD Snooping Counter	113
Multicast VLAN	114
IGMP Multicast Group Profile Settings	115
IGMP Snooping Multicast VLAN Settings	116
MLD Multicast Group Profile Settings	118
MLD Snooping Multicast VLAN Settings	119
Multicast Filtering	121
IPv4 Multicast Filtering	121
IPv4 Multicast Profile Settings	121
IPv4 Limited Multicast Range Settings	122
IPv4 Max Multicast Group Settings	123
IPv6 Multicast Filtering	124
IPv6 Multicast Profile Settings	124
IPv6 Limited Multicast Range Settings	125
IPv6 Max Multicast Group Settings	126
Multicast Filtering Mode	126
ERPS Settings (EI Mode Only)	127
LLDP	131
LLDP Global Settings	131
LLDP Port Settings	132
LLDP Management Address List	133
LLDP Basic TLVs Settings	133
LLDP Dot1 TLVs Settings	134
LLDP Dot3 TLVs Settings	135
LLDP Statistic System	136
LLDP Local Port Information	137
LLDP Remote Port Information	138
NLB FDB Settings	139
Chapter 5 L3 Features	140
IPv4 Default Route Settings (SI Mode Only)	140
IPv4 Static/Default Route Settings (EI Mode Only)	140
IPv4 Route Table	141
IPv6 Static/Default Route Settings (EI Mode Only)	142
IP Forwarding Table	142
Chapter 6 QoS	143
802.1p Settings	144
802.1p Default Priority Settings	144
802.1p User Priority Settings	145
Bandwidth Control	146
Bandwidth Control Settings	146
Queue Bandwidth Control Settings	148
Traffic Control Settings	148
DSCP	151
DSCP Trust Settings	151
DSCP Map Settings	152
HOL Blocking Prevention	153
Scheduling Settings	154
QoS Scheduling	154
QoS Scheduling Mechanism	155
Chapter 7 ACL	156
ACL Configuration Wizard	156
Access Profile List	157
Add an Ethernet ACL Profile	158
Adding an IPv4 ACL Profile	161
Adding an IPv6 ACL Profile	165
Adding a Packet Content ACL Profile	169
CPU Access Profile List	173
Adding a CPU Ethernet ACL Profile	174
Adding a CPU IPv4 ACL Profile	177
Adding a CPU IPv6 ACL Profile	181
Adding a CPU Packet Content ACL Profile	184
ACL Finder	187
ACL Flow Meter	187
Egress Access Profile List (EI Mode Only)	191
Add an Ethernet ACL Profile	191
Adding an IPv4 ACL Profile	194
Adding an IPv6 ACL Profile	198
Egress ACL Flow Meter (EI Mode Only)	202
Chapter 8 Security	205
802.1X	205
802.1X Global Settings	208
802.1X Port Settings	209
802.1X User Settings	210
Guest VLAN Settings	211
RADIUS	212
Authentication RADIUS Server Settings	212
RADIUS Accounting Settings	214
RADIUS Authentication	214
RADIUS Account Client	216
IP-MAC-Port Binding (IMPB) (EI Mode Only)	217
IMPB Global Settings	217
IMPB Port Settings	218
IMPB Entry Settings	219
MAC Block List	219
DHCP Snooping	220
DHCP Snooping Maximum Entry Settings	220
DHCP Snooping Entry	221
MAC-based Access Control (MAC)	221
MAC-based Access Control Settings	221
MAC-based Access Control Local Settings	223
MAC-based Access Control Authentication State	224
Web-based Access Control (WAC)	224
WAC Global Settings	227
WAC User Settings	228
WAC Port Settings	228
WAC Authentication State	230
Compound Authentication	230
Compound Authentication Settings	230
Compound Authentication Guest VLAN Settings (EI Mode Only)	232
Port Security	233
Port Security Settings	233
Port Security VLAN Settings	235
Port Security Entries	235
ARP Spoofing Prevention Settings	236
BPDU Attack Protection	237
Loopback Detection Settings	238
Traffic Segmentation Settings	239
NetBIOS Filtering Settings	240
DHCP Server Screening	241
DHCP Server Screening Port Settings	241
DHCP Offer Permit Entry Settings	242
Access Authentication Control	243
Enable Admin	244
Authentication Policy Settings	245
Application Authentication Settings	245
Authentication Server Group Settings	246
Authentication Server Settings	247
Login Method Lists Settings	248
Enable Method Lists Settings	249
Local Enable Password Settings	250
SSL Settings	251
SSH	253
SSH Settings	254
SSH Authentication Method and Algorithm Settings	254
SSH User Authentication List	256
Trusted Host Settings	257
Safeguard Engine Settings	258
Chapter 9 Network Application	261
DHCP	261
DHCP Relay	261
DHCP Relay Global Settings	261
DHCP Relay Interface Settings	264
DHCP Relay VLAN Settings (SI Mode Only)	265
DHCP Relay Option 60 Server Settings	265
DHCP Relay Option 60 Settings	266
DHCP Relay Option 61 Settings	267
DHCP Local Relay Settings	268
SNTP	268
SNTP Settings	268
Time Zone Settings	269
Flash File System Settings	270
Chapter 10 OAM	273
CFM	273
CFM Settings	273
CFM Port Settings	279
CFM MIPCCM Table	280
CFM Loopback Settings	280
CFM Linktrace Settings	281
CFM Packet Counter	282
CFM Fault Table	283
CFM MP Table	284
Ethernet OAM	284
Ethernet OAM Settings	284
Ethernet OAM Configuration Settings	285
Ethernet OAM Event Log	286
Ethernet OAM Statistics	287
Cable Diagnostics	288
Chapter 11 Monitoring	290
Utilization	290
CPU Utilization	290
DRAM & Flash Utilization	291
Port Utilization	291
Statistics	292
Port Statistics	292
Packets	292
Received (RX)	292
UMB_Cast (RX)	294
Transmitted (TX)	295
Errors	297
Received (RX)	297
Transmitted (TX)	298
Packet Size	300
Mirror	302
Port Mirror Settings	302
RSPAN Settings	302
sFlow (EI Mode Only)	304
sFlow Global Settings	304
sFlow Analyzer Server Settings	304
sFlow Flow Sampler Settings	305
sFlow Counter Poller Settings	306
Ping Test	307
Trace Route	308
Peripheral	310
Device Environment	310
Chapter 12 Save and Tools	311
Save Configuration / Log	311
Stacking Information	311
Download firmware	313
Download Firmware From TFTP	313
Download Firmware From HTTP	313
Upload Firmware	314
Upload Firmware To TFTP	314
Download Configuration	315
Download Configuration From TFTP	315
Download Configuration From HTTP	316
Upload Configuration	316
Upload Configuration To TFTP	316
Upload Configuration To HTTP	317
Upload Log File	318
Upload Log To TFTP	318
Upload Log To HTTP	318
Reset	319
Reboot System	319
Appendix Section	321
Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL	321
How Address Resolution Protocol works	321
How ARP Spoofing Attacks a Network	323
Prevent ARP Spoofing via Packet Content ACL	324
Configuration	324
Appendix B Password Recovery Procedure	327
Appendix C System Log Entries	328

Match case Limit results 1 per page

xStack® DGS-3120 Series Managed Switch Web UI Reference Guide

315

The switch will also examine the “Source Address” of the Ethernet frame and find that the address is not in the

Forwarding Table. The switch will learn PC B’s MAC and update its Forwarding Table.

How ARP Spoofing Attacks a Network

ARP spoofing, also known as

ARP poisoning, is a method to

attack an Ethernet network

which may allow an attacker to

sniff data frames on a LAN,

modify the traffic, or stop the

traffic altogether (known as a

Denial of Service – DoS attack).

The principle of ARP spoofing is

to send the fake, or spoofed

ARP messages to an Ethernet

network. Generally, the aim is to

associate the attacker's or

random MAC address with the

IP address of another node

(such as the default gateway).

Any traffic meant for that IP

address would be mistakenly re-

directed to the node specified by

the attacker.

Figure 4

IP spoofing attack is caused by Gratuitous ARP that occurs when a host sends an ARP request to resolve its own

IP address. Figure-4 shows a hacker within a LAN to initiate ARP spoofing attack.

In the Gratuitous ARP packet, the “Sender protocol address” and “Target protocol address” are filled with the

same source IP address itself. The “Sender H/W Address” and “Target H/W address” are filled with the same

source MAC address itself. The destination MAC address is the Ethernet broadcast address (FF-FF-FF-FF-FF-

FF). All nodes within the network will immediately update their own ARP table in accordance with the sender’s

MAC and IP address. The format of Gratuitous ARP is shown in the following table.