D-Link DES-3550 Product Manual - Page 285
xStack® DES-3500 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual

• Prevent ARP spoofing via packet content ACL

ARP spoofing is a common cause of denial of service on today's LANs, and a D-Link managed switch can mitigate it effectively with its Packet Content ACL. Because the basic ACL can filter ARP packets only on packet type, VLAN ID, and source and destination MAC address, a deeper inspection of the ARP payload is needed. To prevent ARP spoofing, this section demonstrates a Packet Content ACL on the DES-3526 that blocks invalid ARP packets carrying a forged binding of the gateway's MAC and IP address.

Example topology

Configuration:

The configuration logic is as follows:

1. Only ARP packets whose Ethernet source MAC address, ARP sender MAC address and ARP sender IP address all match the gateway's real binding are allowed through the switch. (In this example, that is the gateway's own ARP.)
2. The switch denies every other ARP packet that claims to come from the gateway's IP address.

The Packet Content ACL on the DES-3500 series lets the user inspect any offset_chunk. An offset_chunk is a 4-byte block, specified in hexadecimal, that is used to match an individual field of an Ethernet frame. A profile may contain at most 4 offset_chunks, and only one Packet Content ACL profile is supported per switch. In other words, at most 16 bytes of offset_chunks can be applied per profile and per switch, so the choice of offset_chunks must be planned carefully.

In Table-6, note that Offset_Chunk0 starts at byte 127 and ends at byte 128. Note also that offset_chunk bytes are numbered from 1, not from 0.
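The following Python model is an added example, not D-Link's code or the switch's CLI syntax. It applies the two rules above to raw Ethernet/ARP frames, locating the Ethernet source MAC, ARP sender MAC and ARP sender IP with the same 1-based byte numbering the manual's offset_chunk table uses, and includes a 4-byte masked compare in the style of an offset_chunk. The gateway binding, the attacker MAC and the frames are constructed sample data.

```python
"""Model of the ARP anti-spoofing logic described for the DES-3500 Packet Content ACL.

Rule 1: permit an ARP packet whose Ethernet source MAC, ARP sender MAC and
        ARP sender IP all carry the real gateway binding.
Rule 2: deny any other ARP packet whose sender IP claims to be the gateway.
Anything else (ordinary host ARP, non-ARP traffic) is permitted.
"""
import struct

# Constructed sample gateway binding (assumption for this example, not from the manual).
GATEWAY_MAC = bytes.fromhex("00d0f8123456")
GATEWAY_IP = bytes([10, 0, 0, 1])
ETHERTYPE_ARP = 0x0806

# Field positions in an Ethernet + ARP frame as (first_byte, length), counted
# from 1 like the manual's offset_chunk table (the first frame byte is byte 1).
ETH_SRC_MAC = (7, 6)       # bytes 7..12
ARP_SENDER_MAC = (23, 6)   # bytes 23..28
ARP_SENDER_IP = (29, 4)    # bytes 29..32


def field(frame: bytes, pos: tuple) -> bytes:
    """Extract a field given (first_byte, length) in 1-based numbering."""
    first, length = pos
    return frame[first - 1:first - 1 + length]


def chunk_matches(frame: bytes, first_byte: int, value: bytes, mask: bytes) -> bool:
    """Emulate one 4-byte offset_chunk compare: (frame & mask) == (value & mask)."""
    data = field(frame, (first_byte, 4))
    return len(data) == 4 and all((d & m) == (v & m) for d, v, m in zip(data, value, mask))


def build_arp(eth_src: bytes, sender_mac: bytes, sender_ip: bytes,
              target_ip: bytes, opcode: int = 1) -> bytes:
    """Build a broadcast Ethernet/ARP frame (constructed test input)."""
    eth = b"\xff" * 6 + eth_src + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)      # Ethernet/IPv4, 6/4, opcode
    arp += sender_mac + sender_ip + b"\x00" * 6 + target_ip   # target MAC unknown
    return eth + arp


def classify(frame: bytes) -> str:
    """Return "permit" or "deny" for one frame according to the two rules."""
    if len(frame) < 42 or frame[12:14] != struct.pack("!H", ETHERTYPE_ARP):
        return "permit"          # not ARP: these rules do not apply
    eth_src = field(frame, ETH_SRC_MAC)
    sender_mac = field(frame, ARP_SENDER_MAC)
    sender_ip = field(frame, ARP_SENDER_IP)
    # Rule 1 must come first: the genuine gateway ARP also "claims" the gateway IP.
    if eth_src == GATEWAY_MAC and sender_mac == GATEWAY_MAC and sender_ip == GATEWAY_IP:
        return "permit"
    # Rule 2: any other sender claiming the gateway IP is a spoofed binding.
    if sender_ip == GATEWAY_IP:
        return "deny"
    return "permit"              # ordinary host ARP


if __name__ == "__main__":
    attacker_mac = bytes.fromhex("0a1b2c3d4e5f")             # constructed
    host_ip = bytes([10, 0, 0, 20])                           # constructed
    samples = {
        "gateway reply": build_arp(GATEWAY_MAC, GATEWAY_MAC, GATEWAY_IP, host_ip, 2),
        "spoofed reply": build_arp(attacker_mac, attacker_mac, GATEWAY_IP, host_ip, 2),
        "spoofed, forged eth src": build_arp(GATEWAY_MAC, attacker_mac, GATEWAY_IP, host_ip, 2),
        "host request": build_arp(attacker_mac, attacker_mac, host_ip, GATEWAY_IP, 1),
    }
    for name, frame in samples.items():
        print(f"{name:24s} -> {classify(frame)}")
```

Rule 1 is evaluated before rule 2 because the genuine gateway ARP also carries the gateway IP; reversing the order would deny the gateway itself. The software model compares all three fields in full (16 bytes spread over three non-adjacent regions), whereas the switch's budget of four 4-byte offset_chunks per profile is exactly what makes the planning described above necessary.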