Home » TP-Link Manuals » Hubs & Switches » TP-Link T2600G-52TS TL-SG3452 » Manual Viewer

TP-Link T2600G-52TS TL-SG3452 T2600G-52TS V1 User Guide - Page 218

Man-In-The-Middle Attack, ARP Flooding Attack

View all TP-Link T2600G-52TS TL-SG3452 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 218 highlights

 Man-In-The-Middle Attack The attacker continuously sends the false ARP packets to the Hosts in LAN so as to make the Hosts maintain the wrong ARP table. When the Hosts in LAN communicate with one another, they will send the packets to the attacker according to the wrong ARP table. Thus, the attacker can get and process the packets before forwarding them. During the procedure, the communication packets information between the two Hosts are stolen in the case that the Hosts were unaware of the attack. That is called Man-In-The-Middle Attack. The Man-In-The-Middle Attack is illustrated in the following figure. Figure 12-13 Man-In-The-Middle Attack Suppose there are three Hosts in LAN connected with one another through a switch. Host A: IP address is 192.168.0.101; MAC address is 00-00-00-11-11-11. Host B: IP address is 192.168.0.102; MAC address is 00-00-00-22-22-22. Attacker: IP address is 192.168.0.103; MAC address is 00-00-00-33-33-33. 1. First, the attacker sends the false ARP response packets. 2. Upon receiving the ARP response packets, Host A and Host B updates the ARP table of their own. 3. When Host A communicates with Host B, it will send the packets to the false destination MAC address, i.e. to the attacker, according to the updated ARP table. 4. After receiving the communication packets between Host A and Host B, the attacker processes and forwards the packets to the correct destination MAC address, which makes Host A and Host B keep a normal-appearing communication. 5. The attacker continuously sends the false ARP packets to the Host A and Host B so as to make the Hosts always maintain the wrong ARP table. In the view of Host A and Host B, their packets are directly sent to each other. But in fact, there is a Man-In-The-Middle stolen the packets information during the communication procedure. This kind of ARP attack is called Man-In-The-Middle attack.  ARP Flooding Attack The attacker broadcasts a mass of various fake ARP packets in a network segment to occupy the network bandwidth viciously, which results in a dramatic slowdown of network speed. Meantime, the Gateway learns the false IP address-to-MAC address mapping entries from these ARP 208

Section	Page
Package Contents	11
Chapter 1 About this Guide	12
1.1 Intended Readers	12
1.2 Conventions	12
1.3 Overview of This Guide	12
Chapter 2 Introduction	16
2.1 Overview of the Switch	16
2.2 Appearance Description	16
2.2.1 Front Panel	16
2.2.2 Rear Panel	18
Chapter 3 Login to the Switch	20
3.1 Login	20
3.2 Configuration	21
Chapter 4 System	22
4.1 System Info	22
4.1.1 System Summary	22
4.1.2 Device Description	24
4.1.3 System Time	24
4.1.4 Daylight Saving Time	25
4.1.5 System IPv6	26
4.2 User Management	35
4.2.1 User Table	35
4.2.2 User Config	35
4.3 System Tools	36
4.3.1 Boot Config	37
4.3.2 Config Restore	38
4.3.3 Config Backup	38
4.3.4 Firmware Upgrade	39
4.3.5 System Reboot	40
4.3.6 System Reset	40
4.4 Access Security	41
4.4.1 Access Control	41
4.4.2 HTTP Config	42
4.4.3 HTTPS Config	43
4.4.4 SSH Config	45
4.4.5 Telnet Config	52
4.5 SDM Template	52
4.5.1 SDM Template Config	52
Chapter 5 Switching	54
5.1 Port	54
5.1.1 Port Config	54
5.1.2 Port Mirror	55
5.1.3 Port Security	57
5.1.4 Port Isolation	59
5.1.5 Loopback Detection	60
5.2 LAG	62
5.2.1 LAG Table	63
5.2.2 Static LAG	64
5.2.3 LACP Config	65
5.3 Traffic Monitor	67
5.3.1 Traffic Summary	67
5.3.2 Traffic Statistics	68
5.4 MAC Address	69
5.4.1 Address Table	71
5.4.2 Static Address	72
5.4.3 Dynamic Address	73
5.4.4 Filtering Address	75
Chapter 6 VLAN	77
6.1 802.1Q VLAN	78
6.1.1 VLAN Config	79
6.1.2 Port Config	80
6.2 Application Example for 802.1Q VLAN	82
6.3 MAC VLAN	83
6.3.1 MAC VLAN	84
6.3.2 Port Enable	85
6.4 Application Example for MAC VLAN	85
6.5 Protocol VLAN	87
6.5.1 Protocol Group Table	88
6.5.2 Protocol Group	89
6.5.3 Protocol Template	89
6.6 Application Example for Protocol VLAN	91
6.7 VLAN VPN	93
6.7.1 VPN Config	94
6.7.2 Port Enable	95
6.7.3 VLAN Mapping	95
6.8 GVRP	98
6.9 Private VLAN	101
6.9.1 PVLAN Config	103
6.9.2 Port Config	104
6.10 Application Example for Private VLAN	105
Chapter 7 Spanning Tree	108
7.1 STP Config	113
7.1.1 STP Config	113
7.1.2 STP Summary	115
7.2 Port Config	116
7.3 MSTP Instance	117
7.3.1 Region Config	118
7.3.2 Instance Config	118
7.3.3 Instance Port Config	119
7.4 STP Security	121
7.4.1 Port Protect	121
7.4.2 TC Protect	124
7.5 Application Example for STP Function	124
Chapter 8 Multicast	129
8.1 IGMP Snooping	133
8.1.1 Snooping Config	135
8.1.2 Port Config	137
8.1.3 VLAN Config	138
8.1.4 Multicast VLAN	139
8.1.5 Querier Config	142
8.1.6 Profile Config	144
8.1.7 Profile Binding	145
8.1.8 Packet Statistics	147
8.2 MLD Snooping	148
8.2.1 Snooping Config	150
8.2.2 Port Config	152
8.2.3 VLAN Config	153
8.2.4 Multicast VLAN	154
8.2.5 Querier Config	155
8.2.6 Profile Config	157
8.2.7 Profile Binding	158
8.2.8 Packet Statistics	160
8.3 Multicast Table	161
8.3.1 IPv4 Multicast Table	161
8.3.2 Static IPv4 Multicast Table	162
8.3.3 IPv6 Multicast Table	163
8.3.4 Static IPv6 Multicast Table	164
Chapter 9 Routing	166
9.1 Interface	166
9.2 Routing Table	169
9.3 Static Routing	170
9.4 ARP	171
9.4.1 ARP Table	171
9.4.2 Static ARP	171
Chapter 10 QoS	172
10.1 DiffServ	175
10.1.1 Port Priority	175
10.1.2 Schedule Mode	176
10.1.3 802.1P Priority	177
10.1.4 DSCP Priority	178
10.2 Bandwidth Control	180
10.2.1 Rate Limit	180
10.2.2 Storm Control	181
10.3 Voice VLAN	182
10.3.1 Global Config	184
10.3.2 Port Config	185
10.3.3 OUI Config	186
Chapter 11 ACL	188
11.1 Time-Range	188
11.1.1 Time-Range Summary	188
11.1.2 Time-Range Create	189
11.1.3 Holiday Config	190
11.2 ACL Config	190
11.2.1 ACL Summary	190
11.2.2 ACL Create	191
11.2.3 MAC ACL	191
11.2.4 Standard-IP ACL	193
11.2.5 Extend-IP ACL	194
11.3 Policy Config	195
11.3.1 Policy Summary	195
11.3.2 Policy Create	196
11.3.3 Action Create	196
11.4 ACL Binding	197
11.4.1 Binding Table	198
11.4.2 Port Binding	199
11.4.3 VLAN Binding	200
11.5 Policy Binding	200
11.5.1 Binding Table	201
11.5.2 Port Binding	202
11.5.3 VLAN Binding	203
11.6 Application Example for ACL	203
Chapter 12 Network Security	206
12.1 IP-MAC Binding	206
12.1.1 Binding Table	206
12.1.2 Manual Binding	207
12.1.3 ARP Scanning	209
12.2 DHCP Snooping	210
12.2.1 Global Config	214
12.2.2 Port Config	215
12.3 ARP Inspection	216
12.3.1 ARP Detect	219
12.3.2 ARP Defend	220
12.3.3 ARP Statistics	221
12.4 IP Source Guard	222
12.5 DoS Defend	223
12.5.1 DoS Defend	224
12.6 802.1X	224
12.6.1 Global Config	228
12.6.2 Port Config	230
12.6.3 Radius Server	231
Chapter 13 SNMP	233
13.1 SNMP Config	235
13.1.1 Global Config	235
13.1.2 SNMP View	236
13.1.3 SNMP Group	237
13.1.4 SNMP User	238
13.1.5 SNMP Community	240
13.2 Notification	242
13.3 RMON	244
13.3.1 Statistics	245
13.3.2 History	246
13.3.3 Event	247
13.3.4 Alarm Config	248
Chapter 14 LLDP	250
14.1 Basic Config	253
14.1.1 Global Config	253
14.1.2 Port Config	254
14.2 Device Info	255
14.2.1 Local Info	255
14.2.2 Neighbor Info	257
14.3 Device Statistics	258
14.4 LLDP-MED	259
14.4.1 Global Config	260
14.4.2 Port Config	260
14.4.3 Local Info	263
14.4.4 Neighbor Info	264
Chapter 15 Maintenance	266
15.1 System Monitor	266
15.1.1 CPU Monitor	266
15.1.2 Memory Monitor	267
15.2 Log	267
15.2.1 Log Table	268
15.2.2 Local Log	269
15.2.3 Remote Log	270
15.2.4 Backup Log	270
15.3 Device Diagnostics	271
15.3.1 Cable Test	271
15.4 Network Diagnostics	272
15.4.1 Ping	273
15.4.2 Tracert	273
Appendix A. Specifications	275

Match case Limit results 1 per page

208



Man-In-The-Middle Attack

The attacker continuously sends the false ARP packets to the Hosts in LAN so as to make the

Hosts maintain the wrong ARP table. When the Hosts in LAN communicate with one another, they

will send the packets to the attacker according to the wrong ARP table. Thus, the attacker can get

and process the packets before forwarding them. During the procedure, the communication

packets information between the two Hosts are stolen in the case that the Hosts were unaware of

the attack. That is called Man-In-The-Middle Attack. The Man-In-The-Middle Attack is illustrated in

the following figure.

Figure 12-13 Man-In-The-Middle Attack

Suppose there are three Hosts in LAN connected with one another through a switch.

Host A: IP address is 192.168.0.101; MAC address is 00-00-00-11-11-11.

Host B: IP address is 192.168.0.102; MAC address is 00-00-00-22-22-22.

Attacker: IP address is 192.168.0.103; MAC address is 00-00-00-33-33-33.

1. First, the attacker sends the false ARP response packets.

2. Upon receiving the ARP response packets, Host A and Host B updates the ARP table of their

own.

3. When Host A communicates with Host B, it will send the packets to the false destination MAC

address, i.e. to the attacker, according to the updated ARP table.

4. After receiving the communication packets between Host A and Host B, the attacker processes

and forwards the packets to the correct destination MAC address, which makes Host A and

Host B keep a normal-appearing communication.

5. The attacker continuously sends the false ARP packets to the Host A and Host B so as to make

the Hosts always maintain the wrong ARP table.

In the view of Host A and Host B, their packets are directly sent to each other. But in fact, there is a

Man-In-The-Middle stolen the packets information during the communication procedure. This kind

of ARP attack is called Man-In-The-Middle attack.



ARP Flooding Attack

The attacker broadcasts a mass of various fake ARP packets in a network segment to occupy the

network bandwidth viciously, which results in a dramatic slowdown of network speed. Meantime,

the Gateway learns the false IP address-to-MAC address mapping entries from these ARP