Ethernet Gratuitous ARP | D-Link DGS-3700 guide

DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual

Ethernet

Gratuitous ARP

Destination	Source
address	address
(6-byte)	(6-byte)

FF-FF-FF-FF-FF-FF 00-20-5C-01-11-11

Ethernet	H/W type	Protocol	H/W	Protocol	Operation
type		type	address	address
			length	length
(2-byte)	(2-byte)	(2-byte)	(1-byte)	(1-byte)	(2-byte)
806					ARP reply

Sender H/W	Sender	Target H/W	Target
address	protocol	address	protocol
	address		address
(6-byte)	(4-byte)	(6-byte)	(4-byte)
00-20-5C-01-11-11	10.10.10.254	00-20-5C-01-11-11	10.10.10.254

Table-5

A common DoS attack today can be done by associating a nonexistent or specified MAC address to the IP address of the network’s default gateway. The malicious attacker only needs to broadcast ONE Gratuitous ARP to the network claiming it is the gateway so that the whole network operation will be turned down as all packets to the Internet will be directed to the wrong node.

Likewise, the attacker can either choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack). The hacker cheats the victim’s PC to think that it is a router and cheats the router to think it is the victim. As can be seen in Figure-5 all traffic will be then sniffed by the hacker but the users will not notice anything happening.

Figure-5

263

Image 274

D-Link DGS-3700 user manual Ethernet Gratuitous ARP

Contents

Copyright 2009. All rights reserved Page Table of Contents DDM L2 Features QoS Security ACL Save Services and Tools 258 Preface Intended Readers Typographical Conventions Login to Web Manager Introduction Web-based User Interface Areas of the User Interface Area Web PagesArea Function Page Configuration Device Information System Information Parameter Description Baud Rate Serial Port SettingsFields that can be configured are described below Auto Logout IP Address Settings window IP Address Bootp Dhcp Interface Settings Setting the Swith’s IP Address using the Console Interface Address Parameter Description Interface NameIPv6 Network IPv6 State IPv6 Neighbor Settings IPv6 Route SettingsAutomatic Link Local Address Neighbor IPv6 Port ConfigurationPort Settings Address Link Layer MAC Port Description Static ARP Settings Port Error Disabled User Accounts Password Admin, Operator and User PrivilegesNew Password Management Admin Operator User Admin, Operator and User Privileges User Account Management System Log Settings System Log ConfigurationSystem Log Server UDP Port Parameter Description Server IDServer IP Address 514 or Severity Parameter Description System Severity System Severity SettingsSeverity Level Dhcp Relay Global Settings Dhcp Relay Check Dhcp Relay AgentInformation Option Policy Circuit ID sub-option format Implementation of Dhcp Information Option 82 on the SwitchRemote ID sub-option format Parameter Description Relay IP Address Dhcp Relay Interface SettingsDhcp Relay Option 60 Default Settings Mode Dhcp Relay Option 60 Settings Dhcp Relay Option 61 Default Settings Parameter Description Client ID Out of Band Management SettingsDhcp Relay Option 61 Settings Relay Rule Parameter Description IP Address External Alarm SettingsDhcp Auto Configuration Settings Link Status Telnet Settings Web SettingsMAC Address Aging Time Firmware Information Password EncryptionClipaging Settings Parameter Description Version Dual Configuration SettingsUpdate Time Size Bytes Ping Test IPv6 Ping Test Local Loopback Ports SettingsTimeout Size Vlan Counter Settings Sntp Settings Time Settings TimeZone Settings Hhmm MAC Notification Settings MAC Notification Global Settings MAC Notification Port Settings ParameterDescription Traps Snmp SettingsMIBs Parameter Description View Name Snmp Global State SettingsSnmp View Table Subtree OID Snmp Group Table Snmp User Table Snmp Community Table Parameter Description Community Name Snmp Host Table Snmp v6Host Table String/SNMPv3 User Snmp Engine IDCommunity Name Parameter Description Range Name Time Range SettingsSnmp Trap Configuration Hours SFlow SFlow Global State SettingsSFlow Analyzer Server Settings ParameterDescription Analyzer Server ID SFlow Flow Sampler Settings SFlow Counter Poller Settings Following parameters can be configured Single IP Management Single IP Settings Upgrade to Topology Speed Parameter Description Device NameRemote Port Local Port 62 Topology view Icon Description Tool Tips 63 Device Information Utilizing the Tool Tip Right-Click Group Icon Member Switch Icon Commander Switch IconCandidate Switch Icon Menu Bar Firmware Upgrade Configuration File Backup/Restore Upload Log File DDM SettingsBrowse DDM Status List DDM Temperature Threshold Settings DDM Voltage Threshold Settings DDM Bias Current Threshold Settings DDM Tx Power Threshold Settings DDM Rx Power Threshold Settings Parameter Description From Port / To Port Jumbo Frame Jumbo Frame window Understanding Ieee 802.1p Priority VLANsVlan Description Ieee 802.1Q VLANs Ieee 802.1Q Packet Forwarding 802.1Q Vlan Tags Ieee 802.1Q Tag Tagging and Untagging Port Vlan IDIngress Filtering Vlan Segmentation Default VLANsPort-based VLANs VID Destination Source Double VLANsVlan and Trunk Groups Spvlan Tpid + Regulations for Double VLANs Double Vlan Example 802.1Q Vlan Current 802.1Q Static VLANs Entries window 802.1Q Vlan window Add/Edit Vlan Tab Tagged Port SettingsAdvertisement Untagged 10 802.1Q Vlan window Vlan Batch Settings window Subnet Vlan Subnet Vlan SettingsVlan Precedence Settings Vlan ID In-Q In-Q SettingsVlan Precedence Vlan Translation Settings For ingress untagged packets at UNI ports In-Q and Vlan Translation RulesFor ingress tagged packets at UNI ports 802.1v Protocol Group Settings 802.1v Protocol Vlan Check the Select All Ports box 802.1v Protocol Vlan Settings802.1p Priority Search Port List Rspan Settings Gvrp Settings Gvrp Gvrp Global SettingsPvid Leave All Time MAC-based Vlan SettingsPvid Auto Assign Settings NNI Bpdu Port Trunking Understanding Port Trunk Groups Active Port Parameter Description AlgorithmMaster Port Member Ports Lacp Port Settings Activity Traffic Segmentation Forward Portlist Bpdu Tunneling Settings 27 Bpdu Tunneling window Rate Limit Igmp Snooping SettingsIgmp Snooping Querier IP Robustness Value Time Query IntervalMax Response 255 Igmp Snooping Rate Limit Settings Igmp Snooping Static Group Settings Igmp Snooping Multicast Vlan Settings Igmp Multicast Group Profile SettingsFollowing fields can be set IPv4 Multicast Profile Settings IPv4 Limited Multicast Range Settings IPv4 Max Multicast Group Settings MLD Snooping MLD Snooping SettingsMLD Control Messages Max Response Time Query Expiry TimeQuery Interval 1-65535 sec 25 sec MLD Snooping Rate Limit Settings 43 MLD Snooping Router IP Settings Modify window MLD Multicast Group Profile Settings MLD Snooping Static Group SettingsIPv6 Address 1,6 Source Port MLD Snooping Multicast Vlan Settings1,6 IPv6 Multicast Profile Settings Tagged Member Port e.g.1-4,6 IPv6 Limited Multicast Range Settings IPv6 Max Multicast Group Settings Port Mirror 55 Port Mirror window Parameter Description LBD State Loopback Detection SettingsRecover Time Trap Status Port Transition States Spanning Tree802.1w Rapid Spanning Tree Edge Port P2P Port 802.1D and 802.1w Compatibility STP Bridge Global Settings Max Hops NNI Bpdu Address STP Port Settings External Cost 0=Auto MST Configuration Identification P2P Revision Level STP Instance SettingsParameter Description Configuration Name Msti ID Internal Path cost Mstp Port InformationInstance ID 200000000 Unicast Forwarding Forwarding & FilteringMulticast Forwarding Multicast Filtering Mode Multicast MAC Lldp Global Settings Parameter Description From Port /To Port Lldp Port SettingsAdmin Status Notification Lldp Management Address List Lldp Basic TLVs SettingsParameter Description Address Lldp Dot1 TLVs Settings Vlan Lldp Statistics System Lldp Dot3 TLVs SettingsMAC/PHY Lldp Local Port Information 72 Lldp Statistics System window CFM Port Settings Lldp Remote Port Information CFM MPs Reply LTRs CFM CCM PDUs Forwarding ModeCFM Mipccm List Connectivity Fault Management SettingsMD Connectivity Fault Management SettingsConnectivity Fault Management CreateMD Parameter Description CFM State MEP CFM Loopback SettingsMIP LBM CFM Linktrace Settings Remote Loopback Ethernet OAM SettingsEthernet OAM Received Remote Ethernet OAM Configuration Settings QoS Advantages of QoS Mapping QoS on the Switch Understanding QoSPage Bandwidth Control HOL Blocking PeventionNo Limit Traffic Control Traffic Control window Count Down Traffic Trap Setting Traffice TrapSettings Time Interval 802.1p Default Priority 802.1p Default Priority window 802.1p User Priority QoS Scheduling Mechanism Scheduling QoS SchedulingMechanism Band Manage Settings Class ID Sred Settings Band Manage Settings Click Apply to implement changes 141 Dscp Map Settings Dscp Trust SettingsSred Drop Counter Dscp Map Dscp List0-63 Priority List0-7 802.1p Map SettingsColor Safeguard Engine Security Safeguard Engine window Trusted Host IMP Binding Global SettingsIP-MAC-Port Binding IMP Binding Port Settings Parameter ACL Mode Trap / Log Dhcp Snoop State Packet Allow Zero IPForward Dhcp Max Entry IMP Binding Entry Settings Ports Dhcp Snooping Entries Port Security Port SettingsPort Security MAC Block List Lock Address Port Security Vlan SettingsAdmin State Max. Learning Vlan ID e.g.1,4-6 Dhcp Server Screening SettingsPort Security Entries Max Learning Dhcp Offer Filtering Dhcp Screening Port SettingsParameterDescription Server IP Address 802.1X 802.1X Port-Based and Host-Based Access ControlAuthentication Server Client’s MAC Address Authenticator 16 The Authentication Server Authentication Process Client Port-Based Network Access Control 20 Example of Typical Port-Based Configuration Host-Based Network Access Control 21 Example of Typical Host-Based Configuration 802.1X Port Settings 802.1X Global SettingsPDU ReAuthentication SuppTimeoutServerTimeout QuietPeriod Authentication Radius Server 802.1X User Initialize Ports Reauthenticate PortsConfirm Key Guest Vlan Configuration Limitations Using the Guest Vlan SSL Settings Guest Vlan Download Certificate Ciphersuite CBC SHA EDE CBC SHA SSH Settings SSH Authmode and Algorithm Settings HMAC-MD5 SSH User Authentication ListsHMAC-SHA1 HMAC-RSA Access Authentication Control Host NamePage Authentication Policy Settings Application Authentication Settings Authentication Server Group 37 Authentication Server Group Settings window Authentication Server 38 Authentication Server Group Settings Edit window Login Method Lists ParameterDescription Method List Name Enable Method ListsPriority 1, 2, 3 Local Enable Password Settings 41 Enable Method List window Radius Accounting Settings 42 Local Enable Password window MAC-based Access Control MAC-based Access Control Settings Guest Vlan Name Parameter Description Settings MBA Global StateMethod Guest Vlan ID MAC-based Access Control Local Settings Hold Time Web Authentication Conditions and Limitations Web-based Access Control SettingsParameterDescription State 1440 Authentication Web-based Access Control User SettingsLogout Timer Redirection NetBIOS Filtering Settings NetBIOS FilteringConfirmation Access ID ACL Configuration WizardParameterDescription Type Option Access Profile ListApply To Add Access Profile Ethernet Destination MAC Parameter Description Ethernet ACLSource MAC Mask Mask Select ACL Type Access Profile List Ethernet Ethernet Type Replace Priority Parameter Description Access IDVlan Mask Replace Dscp Rx Rate PrecedenceTime Range Counter Destination IP Mask DscpSource IP Mask Icmp Type 11 Access Profile List IPv4 12 Access Profile Details IPv4 Icmp Time Range Name IPv6 TCP Parameter Description IPv6 ClassIPv6 Flow Label IPv6 UDP 17 Access Profile List IPv6 Class Flow Label 20 Access Rule List IPv6 22 Add Packet Content ACL Profile Parameter Description Chunk 23 Access Profile List Packet Content 25 Access Profile Packet Content 26 Access Rule List Packet Content CPU Interface Filtering CPU Access Profile List 28 CPU Access Profile List window Mask Destination MAC Source MACMask 802.1Q Vlan Parameter Description Select Profile ID IPv4 Dscp 209 33 Add CPU ACL Profile window for IPv6 Select ACL Parameter Description Select ProfileOffset 37 CPU Access Rule List window for Ethernet 39 CPU Access Rule Detail Information window for Ethernet 40 CPU Access Rule List window for IP 42 CPU Access Rule Detail Information window for IP 45 CPU Access Rule Detail Information window for IPv6 ACL Finder ACL Flow Meter 50 ACL Flow Meter window Mode Cable Diagnostic Device Status Record Number CPU UtilizationParameter Description Time Interval Show/Hide Port Utilization Packet Size Packet Size window Packets Memory UtilizationReceived RX Received RX window for Bytes and Packets UMBcast RX Transmitted TX 12 Transmitted TX window for Bytes and Packets Bytes Errors 14 Received RX window for errors UnderSize CRCErrorSymbol OverSize 16 Transmitted TX window for errors ExDefer Port Access Control Radius Authentication Radius Account Client Retransmissions ServerAddressRequests Responses Auth PAE State Authenticator StateParameter Description MAC Address Backend State Authenticator Statistics 22 Authenticator Statistics window for MAC-based Authenticator Session Statistics Authenticator Diagnostics Connect LogOff Auth TimeoutConnect Enter Auth Enter Browse ARP Table Browse Vlan 27 Browse ARP Table window Browse Igmp Router Port Show Vlan PortsIgmp Snooping Group Igmp Snooping Forwarding Table Browse Igmp Snooping Counter Browse MLD Router Port MLD Snooping Group MLD Snooping Forwarding Table 35 MLD Snooping Group window Browse MLD Snooping Counter Browse Session TableCFM Packet Counter List CFM Packet Counter CCM List Browse CFM Fault MEPBrowse CFM Port MP List Browse Vlan Counter Statistics MAC Address TableFunctions used in the MAC address table are described below Browse Ethernet OAM Event Log Browse Ethernet OAM Statistics 46 Browse Ethernet OAM Statistics window Browse Historical Counter Packet/ErrorHistorical Counter & Utilization Minutes/1 Day System Log Browse Historical Utilization Date-Time Parameter Description Log TypeLog Text Save Configuration ID Save Configuration ID 1 window Save Log Save All Reset Configuration File Backup & RestoreUpload Log File Reboot System Download Firmware ARP ARP FCS Ethernet frame format Forwarding Table Destination address Source address Ether-type Port2 00-20-5C-01-22-22 How ARP spoofing attacks a network Ethernet Gratuitous ARP Prevent ARP spoofing via packet content ACL Example topology Ethernet Offset Chunk 266 System Log Entries Category Event Description Log Information Severity SSL AAA Page Page Page IP-MAC DOS DDM Proprietary Trap List DGS-3700 Series Trap ListTrap Name/OID Variable Bind Format MIB Name Severity Equipment Glossary Page Password Recovery Procedure Command Parameters Command Parameters