ARP attack defense configuration

Although ARP is easy to implement, it provides no security mechanism and thus is prone to network attacks. ARP attacks and viruses are threatening LAN security. The device can provide multiple features to detect and prevent such attacks. This chapter mainly introduces these features.

ARP detection

Introduction to ARP detection

The ARP detection feature allows only the ARP packets of authorized clients to be forwarded, preventing man-in-the-middle attacks.

Man-in-the-middle attack

According to the ARP design, after receiving an ARP reply, a host adds the IP-to-MAC mapping of the sender to its ARP mapping table. This design reduces the ARP traffic on the network, but also makes ARP spoofing possible.

As shown in a, Host A communicates with Host C through a switch. After intercepting the traffic between Host A and Host C, a hacker (Host B) forwards forged ARP replies to Host A and Host C respectively. Upon receiving the ARP replies, the two hosts update the MAC address corresponding to the peer IP address in their ARP tables with the MAC address of Host B (MAC_B). After that, Host B establishes independent connections with Host A and Host C and relays messages between them, deceiving them into believing that they are talking directly to each other over a private connection, while the entire conversation is actually controlled by Host B. Host B may intercept and modify the communication data. Such an attack is called a man-in-the-middle attack.

315