User Manual

xStack® DGS-3420 Series Layer 2 Managed Stackable Gigabit Switch CLI Reference Guide
A common DoS attack today works by associating a nonexistent or arbitrarily chosen MAC
address with the IP address of the network’s default gateway. The attacker only needs to
broadcast one Gratuitous ARP to the network claiming to be the gateway, and the whole network's
operation is brought down because all packets bound for the Internet are directed to the wrong node.
Figure 12 Network Vulnerable
Likewise, the attacker can choose either to forward the traffic to the actual default gateway
(passive sniffing) or to modify the data before forwarding it (man-in-the-middle attack). The hacker
deceives the victim PC into believing that it is the router, and deceives the router into believing
that it is the victim. As can be seen in Figure 12, all traffic is then sniffed by the hacker without
the users discovering it.
Prevent ARP Spoofing using Packet Content ACL
D-Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing
via a unique Packet Content ACL.
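
The forged gateway binding described above can be recognized from the frame bytes alone. The following is an added example, not taken from the D-Link guide and not the switch's own logic: a Python check that parses a raw Ethernet/ARP frame and reports any frame whose ARP sender IP is the gateway's while the sender MAC is not the trusted one. The gateway IP and MAC, the function names and the sample frames are constructed assumptions.

```python
import struct

# Trusted gateway binding: constructed values, set these for your own network.
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "00:11:22:33:44:55"

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def check_arp_frame(frame, gw_ip=GATEWAY_IP, gw_mac=GATEWAY_MAC):
    """Return a reason string if the frame binds gw_ip to a MAC other than gw_mac, else None."""
    off = 12                               # EtherType follows dst MAC + src MAC
    if len(frame) < off + 2:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, off)
    if ethertype == 0x8100:                # skip a single 802.1Q VLAN tag
        off += 4
        if len(frame) < off + 2:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, off)
    if ethertype != 0x0806:                # not ARP
        return None
    arp = frame[off + 2:]
    if len(arp) < 28:
        return "truncated ARP payload"
    htype, ptype, hlen, plen, _oper = struct.unpack_from("!HHBBH", arp, 0)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                        # not IPv4-over-Ethernet ARP
    sender_mac = _mac(arp[8:14])
    sender_ip = ".".join(str(x) for x in arp[14:18])
    # Requests and replies can both update ARP caches, so the opcode is not filtered on.
    if sender_ip == gw_ip and sender_mac != gw_mac.lower():
        return f"{sender_ip} (gateway) claimed by {sender_mac}"
    return None

def sample_frame(sender_mac, sender_ip, vlan=None):
    """Build a constructed ARP announcement as bytes (test input only, never sent)."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    ip = bytes(int(p) for p in sender_ip.split("."))
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + mac + ip + b"\x00" * 6 + ip
    return b"\xff" * 6 + mac + tag + struct.pack("!H", 0x0806) + arp
```
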