DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual
Field                      Length    Value
Destination address        6-byte    FF-FF-FF-FF-FF-FF
Source address             6-byte    00-20-5C-01-11-11
Ethernet type              2-byte    806
H/W type                   2-byte
Protocol type              2-byte
H/W address length         1-byte
Protocol address length    1-byte
Operation                  2-byte    ARP reply
Sender H/W address         6-byte    00-20-5C-01-11-11
Sender protocol address    4-byte    10.10.10.254
Target H/W address         6-byte    00-20-5C-01-11-11
Target protocol address    4-byte    10.10.10.254
Table-5
A common DoS attack today works by associating a nonexistent or specified MAC address with the IP address of the network’s default gateway. The attacker only needs to broadcast ONE Gratuitous ARP to the network claiming to be the gateway, and the whole network's operation will be brought down because all packets to the Internet will be directed to the wrong node.
Likewise, the attacker can choose either to forward the traffic to the actual default gateway (passive sniffing) or to modify the data before forwarding it (man-in-the-middle attack). The attacker tricks the victim’s PC into thinking that the attacker is the router, and tricks the router into thinking that the attacker is the victim. As can be seen in Figure-5, all traffic will then be sniffed by the attacker, but the users will not notice anything happening.
Figure-5
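A detection-side sketch of the check this attack calls for, added here as an example and not taken from the manual or the switch firmware: it parses a frame laid out as in Table-5 and compares any claim on the gateway IP against one trusted IP-to-MAC binding. The function names, the return labels and the choice of trusted MAC are assumptions; the fields Table-5 leaves blank are filled with the standard Ethernet/IPv4 ARP values.

```python
import struct

ETHERTYPE_ARP = 0x0806  # the "806" Ethernet type shown in Table-5

def mac_bytes(text):
    """'00-20-5C-01-11-11' -> 6 raw bytes."""
    return bytes(int(part, 16) for part in text.split("-"))

def ip_bytes(text):
    return bytes(int(part) for part in text.split("."))

def build_frame(dst, src, op, sha, spa, tha, tpa):
    """Constructed test input: Ethernet header + ARP body in Table-5 field order."""
    eth = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ETHERTYPE_ARP)
    # H/W type 1 (Ethernet), protocol type 0x0800 (IPv4), lengths 6 and 4
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)

def parse_arp(frame):
    """Return the ARP fields, or None if the frame is not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_src": src, "op": op, "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}

def check_gateway_claim(frame, gateway_ip, gateway_mac):
    """Classify a frame against one trusted gateway IP-to-MAC binding."""
    arp = parse_arp(frame)
    if arp is None or arp["spa"] != ip_bytes(gateway_ip):
        return "ignore"          # not ARP, or not a claim on the gateway address
    trusted = mac_bytes(gateway_mac)
    if arp["sha"] != trusted or arp["eth_src"] != trusted:
        return "spoof"           # gateway IP announced with an unbound MAC
    # Sender IP == target IP marks the announcement as gratuitous
    return "gratuitous-ok" if arp["spa"] == arp["tpa"] else "ok"

# The Table-5 frame; operation 2 is "ARP reply"
TABLE5 = build_frame("FF-FF-FF-FF-FF-FF", "00-20-5C-01-11-11", 2,
                     "00-20-5C-01-11-11", "10.10.10.254",
                     "00-20-5C-01-11-11", "10.10.10.254")
```

Whether the Table-5 frame is accepted or flagged depends entirely on which MAC is bound to 10.10.10.254, which is why the binding is a parameter and not a constant.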
Gratuitous ARP
Ethernet