Home » TP-Link Manuals » Hubs & Switches » TP-Link TL-SG5412F » Manual Viewer

TP-Link TL-SG5412F TL-SG5412F V1 User Guide - Page 166

Man-In-The-Middle Attack

Add to My Manuals
Save this manual to your list of manuals

Page 166 highlights

As the above figure shown, the attacker sends the fake ARP packets of Host A to Host B, and then Host B will automatically update its ARP table after receiving the ARP packets. When Host B tries to communicate with Host A, it will encapsulate this false destination MAC address for packets, which results in a breakdown of the normal communication.  Man-In-The-Middle Attack The attacker continuously sends the false ARP packets to the Hosts in LAN so as to make the Hosts maintain the wrong ARP table. When the Hosts in LAN communicate with one another, they will send the packets to the attacker according to the wrong ARP table. Thus, the attacker can get and process the packets before forwarding them. During the procedure, the communication packets information between the two Hosts are stolen in the case that the Hosts were unaware of the attack. That is called Man-In-The-Middle Attack. The Man-In-The-Middle Attack is illustrated in the following figure. Figure 11-12 Man-In-The-Middle Attack Suppose there are three Hosts in LAN connected with one another through a switch. Host A: IP address is 192.168.0.101; MAC address is 00-00-00-11-11-11. Host B: IP address is 192.168.0.102; MAC address is 00-00-00-22-22-22. Attacker: IP address is 192.168.0.103; MAC address is 00-00-00-33-33-33. 1. First, the attacker sends the false ARP response packets. 2. Upon receiving the ARP response packets, Host A and Host B updates the ARP table of their own. 3. When Host A communicates with Host B, it will send the packets to the false destination MAC address, i.e. to the attacker, according to the updated ARP table. 4. After receiving the communication packets between Host A and Host B, the attacker processes and forwards the packets to the correct destination MAC address, which makes Host A and Host B keep a normal-appearing communication. 5. The attacker continuously sends the false ARP packets to the Host A and Host B so as to make the Hosts always maintain the wrong ARP table. In the view of Host A and Host B, their packets are directly sent to each other. But in fact, there is a Man-In-The-Middle stolen the packets information during the communication procedure. This kind of ARP attack is called Man-In-The-Middle attack. 157

Section	Page
1.1 Intended Readers	11
1.2 Conventions	11
1.3 Overview of This Guide	11
2.1 Overview of the Switch	16
2.2 Main Features	16
2.3 Appearance Description	17
2.3.1 Front Panel	17
2.3.2 Rear Panel	18
3.1 Login	19
3.2 Configuration	19
4.1 System Info	21
4.1.1 System Summary	21
4.1.2 Device Description	23
4.1.3 System Time	23
4.1.4 System IP	25
4.2 User Manage	26
4.2.1 User Table	26
4.2.2 User Config	27
4.3 System Tools	28
4.3.1 Config Restore	28
4.3.2 Config Backup	29
4.3.3 Firmware Upgrade	29
4.3.4 System Reboot	30
4.3.5 System Reset	30
4.4 Access Security	31
4.4.1 Access Control	31
4.4.2 SSL Config	32
4.4.3 SSH Config	33
5.1 Port	39
5.1.1 Port Config	39
5.1.2 Port Mirror	40
5.1.3 Port Security	42
5.1.4 Port Isolation	44
5.2 LAG	45
5.2.1 LAG Table	45
5.2.2 Static LAG	47
5.2.3 LACP Config	48
5.3 Traffic Monitor	50
5.3.1 Traffic Summary	50
5.3.2 Traffic Statistics	51
5.4 MAC Address	53
5.4.1 Address Table	53
5.4.2 Static Address	55
5.4.3 Dynamic Address	56
5.4.4 Filtering Address	58
6.1 802.1Q VLAN	61
6.1.1 VLAN Config	62
6.1.2 Port Config	65
6.2 Protocol VLAN	67
6.2.1 Protocol VLAN	67
6.2.2 Protocol Template	68
6.2.3 Port Enable	69
6.3 Application Example for 802.1Q VLAN	70
6.4 Application Example for Protocol VLAN	71
6.5 VLAN VPN	73
6.5.1 VPN Config	74
6.5.2 Port Enable	74
6.6 GVRP	75
6.7 Private VLAN	78
6.7.1 PVLAN	82
6.7.2 Port Config	83
6.8 Application Example for Private VLAN	84
7.1 STP Config	92
7.1.1 STP Config	92
7.1.2 STP Summary	93
7.2 Port Config	94
7.3 MSTP Instance	96
7.3.1 Region Config	97
7.3.2 Instance Config	97
7.3.3 Instance Port Config	98
7.4 STP Security	100
7.4.1 Port Protect	100
7.4.2 TC Protect	103
7.5 Application Example for STP Function	103
8.1 IGMP Snooping	109
8.1.1 Snooping Config	110
8.1.2 Port Config	111
8.1.3 VLAN Config	113
8.1.4 Multicast VLAN	114
8.2 Multicast IP	118
8.2.1 Multicast IP Table	118
8.2.2 Static Multicast IP	119
8.3 Multicast Filter	120
8.3.1 IP-Range	120
8.3.2 Port Filter	121
8.4 Packet Statistics	122
9.1 DiffServ	126
9.1.1 Port Priority	126
9.1.2 Schedule Mode	127
9.1.3 802.1P Priority	128
9.1.4 DSCP Priority	129
9.2 Bandwidth Control	131
9.2.1 Rate Limit	131
9.2.2 Storm Control	132
9.3 Voice VLAN	134
9.3.1 Global Config	136
9.3.2 Port Config	136
9.3.3 OUI Config	138
10.1 Time-Range	140
10.1.1 Time-Range Summary	140
10.1.2 Time-Range Create	141
10.1.3 Holiday Config	142
10.2 ACL Config	142
10.2.1 ACL Summary	143
10.2.2 ACL Create	143
10.2.3 MAC ACL	144
10.2.4 Standard-IP ACL	145
10.2.5 Extend-IP ACL	145
10.3 Policy Config	147
10.3.1 Policy Summary	147
10.3.2 Policy Create	147
10.3.3 Action Create	148
10.4 Policy Binding	149
10.4.1 Binding Table	149
10.4.2 Port Binding	150
10.4.3 VLAN Binding	150
11.1 IP-MAC Binding	154
11.1.1 Binding Table	154
11.1.2 Manual Binding	155
11.1.3 ARP Scanning	157
11.1.4 DHCP Snooping	158
11.2 ARP Inspection	164
11.2.1 ARP Detect	167
11.2.2 ARP Defend	168
11.2.3 ARP Statistics	169
11.3 IP Source Guard	170
11.4 DoS Defend	171
11.5 802.1X	172
11.5.1 Global Config	176
11.5.2 Port Config	178
11.5.3 Radius Server	179
12.1 SNMP Config	183
12.1.1 Global Config	183
12.1.2 SNMP View	184
12.1.3 SNMP Group	185
12.1.4 SNMP User	186
12.1.5 SNMP Community	188
12.2 Notification	190
12.3 RMON	192
12.3.1 History Control	192
12.3.2 Event Config	193
12.3.3 Alarm Config	194
13.1 Basic Config	200
13.1.1 Global Config	200
13.1.2 Port Config	202
13.2 Device Info	202
13.2.1 Local Info	203
13.2.2 Neighbor Info	203
13.2.3 Device Statistics	204
14.1 NDP	208
14.1.1 Neighbor Info	208
14.1.2 NDP Summary	209
14.1.3 NDP Config	210
14.2 NTDP	211
14.2.1 Device Table	211
14.2.2 NTDP Summary	213
14.2.3 NTDP Config	215
14.3 Cluster	216
14.3.1 Cluster Summary	216
14.3.2 Cluster Config	219
14.3.3 Member Config	221
14.3.4 Cluster Topology	222
14.4 Application Example for Cluster Function	224
15.1 System Monitor	227
15.1.1 CPU Monitor	227
15.1.2 Memory Monitor	228
15.2 Log	229
15.2.1 Log Table	230
15.2.2 Local Log	231
15.2.3 Remote Log	231
15.2.4 Backup Log	232
15.3 Device Diagnose	233
15.3.1 Cable Test	233
15.3.2 Loopback	234
15.4 Network Diagnose	235
15.4.1 Ping	235

Match case Limit results 1 per page

As the above figure shown, the attacker sends the fake ARP packets of Host A to Host B, and then

Host B will automatically update its ARP table after receiving the ARP packets. When Host B tries

to communicate with Host A, it will encapsulate this false destination MAC address for packets,

which results in a breakdown of the normal communication.



Man-In-The-Middle Attack

The attacker continuously sends the false ARP packets to the Hosts in LAN so as to make the

Hosts maintain the wrong ARP table. When the Hosts in LAN communicate with one another, they

will send the packets to the attacker according to the wrong ARP table. Thus, the attacker can get

and process the packets before forwarding them. During the procedure, the communication

packets information between the two Hosts are stolen in the case that the Hosts were unaware of

the attack. That is called Man-In-The-Middle Attack. The Man-In-The-Middle Attack is illustrated in

the following figure.

Figure 11-12 Man-In-The-Middle Attack

Suppose there are three Hosts in LAN connected with one another through a switch.

Host A: IP address is 192.168.0.101; MAC address is 00-00-00-11-11-11.

Host B: IP address is 192.168.0.102; MAC address is 00-00-00-22-22-22.

Attacker: IP address is 192.168.0.103; MAC address is 00-00-00-33-33-33.

First, the attacker sends the false ARP response packets.

Upon receiving the ARP response packets, Host A and Host B updates the ARP table of

their own.

When Host A communicates with Host B, it will send the packets to the false destination

MAC address, i.e. to the attacker, according to the updated ARP table.

After receiving the communication packets between Host A and Host B, the attacker

processes and forwards the packets to the correct destination MAC address, which

makes Host A and Host B keep a normal-appearing communication.

The attacker continuously sends the false ARP packets to the Host A and Host B so as to

make the Hosts always maintain the wrong ARP table.

In the view of Host A and Host B, their packets are directly sent to each other. But in fact, there is a

Man-In-The-Middle stolen the packets information during the communication procedure. This kind

of ARP attack is called Man-In-The-Middle attack.

157