DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual
How ARP spoofing attacks a network
ARP spoofing, also known as ARP poisoning, is a method of attacking an Ethernet network that may allow an attacker
to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service, or DoS,
attack). The principle of ARP spoofing is to send fake, or spoofed, ARP messages to an Ethernet network.
Generally, the aim is to associate the attacker's or a random MAC address with the IP address of another node (such as
the default gateway). Any traffic meant for that IP address would be mistakenly redirected to the node specified by
the attacker.
An IP spoofing attack is caused by Gratuitous ARP, which occurs when a host sends an ARP request to resolve its own IP
address. Figure-4 shows a hacker within a LAN initiating an ARP spoofing attack.
Figure-4
In the Gratuitous ARP packet, the “Sender protocol address” and “Target protocol address” are filled with the same
source IP address. The “Sender H/W Address” and “Target H/W address” are filled with the same source MAC
address. The destination MAC address is the Ethernet broadcast address (FF-FF-FF-FF-FF-FF). All nodes within the
network will immediately update their own ARP table in accordance with the sender’s MAC and IP address. The
format of Gratuitous ARP is shown in Table-5.
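
The following Python example is added here and is not part of the manual or the switch firmware. It parses an Ethernet/ARP frame with the fields described above, recognizes a Gratuitous ARP (sender and target protocol address equal), and flags one whose sender MAC contradicts a trusted binding. The function names, the TRUSTED table and the sample frames are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# Constructed trusted IP-to-MAC bindings (assumption: kept by the administrator).
TRUSTED = {"192.168.0.1": "00:11:22:33:44:55"}

# Constructed 42-byte Ethernet+ARP frames; none of these come from the manual.
SAMPLES = {
    "gateway": bytes.fromhex("ffffffffffff001122334455" "0806" "0001080006040001"
                             "001122334455c0a80001" "001122334455c0a80001"),
    "spoofed": bytes.fromhex("ffffffffffff02aabbccddee" "0806" "0001080006040001"
                             "02aabbccddeec0a80001" "02aabbccddeec0a80001"),
    "request": bytes.fromhex("ffffffffffff001020304050" "0806" "0001080006040001"
                             "001020304050c0a8000a" "000000000000c0a80001"),
}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Return the ARP fields of an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"dst": mac(dst), "src": mac(src), "oper": oper,
            "sha": mac(sha), "spa": str(IPv4Address(spa)),
            "tha": mac(tha), "tpa": str(IPv4Address(tpa))}

def classify(frame, trusted=TRUSTED):
    arp = parse_arp(frame)
    if arp is None:
        return "not-arp"
    gratuitous = arp["spa"] == arp["tpa"]   # host "resolving" its own IP address
    known = trusted.get(arp["spa"])
    if known is not None and known != arp["sha"]:
        return "conflict-gratuitous" if gratuitous else "conflict"
    if arp["src"] != arp["sha"]:
        return "mismatch"   # Ethernet source differs from ARP sender H/W address
    return "gratuitous" if gratuitous else "normal"

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify(frame))
```
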