Manual

User Guide
© 2014 Luxul. All Rights Reserved.
Other trademarks and registered trademarks are the property of their respective owners
NOTE: If you want to enable the DHCP Snooping feature for a member
Port of a LAG Group, please ensure the parameters of all Member
Ports are the same.
12.2 ARP Inspection
As described in the ARP Implementation Procedure in 12.1.3 ARP Scanning, the
ARP protocol lets Hosts in the Network communicate with one another or
access external Networks via the Gateway. However, the ARP protocol is implemented
under the premise that all Hosts and Gateways are trusted, so there are security risks
inherent in the ARP Implementation. Cheat attacks against ARP, such as Imitating
Gateway, Cheating Gateway, Cheating Terminal Hosts and ARP Flooding, can occur on
the Network, particularly in larger Networks such as campus Networks, large
corporations, public Networks, etc.
Imitating Gateway
An attacker sends the MAC Address of a forged Gateway to a Host. The Host
automatically updates its ARP table after receiving the ARP response packets, which
causes that Host to use the counterfeit Gateway. The ARP Attack Imitating Gateway is
illustrated in the following figure:
Figure 12-9 ARP Attack - Imitating Gateway
As the above figure shows, when the Host tries to communicate with the Gateway, the
Host encapsulates the false destination MAC Address, which results in a breakdown
of the normal communication.
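
One way to detect the Imitating Gateway case, as an added example (not taken from this manual or from the switch firmware): parse each ARP frame and compare its sender IP/MAC pair against a trusted binding for the Gateway. The addresses, the binding table and all function names are constructed for illustration.

```python
import socket
import struct

# Assumed trusted IP-to-MAC binding for the Gateway (constructed values).
GW_IP, GW_MAC = "192.168.0.1", "02:00:00:00:00:01"
TRUSTED_BINDINGS = {GW_IP: GW_MAC}

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet II frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, _tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_src": mac(frame[6:12]), "oper": oper,
            "sender_mac": mac(sha), "sender_ip": socket.inet_ntoa(spa)}

def check_frame(frame: bytes) -> str:
    """Classify a frame: 'ignore', 'unbound', 'ok' or 'alert'."""
    arp = parse_arp(frame)
    if arp is None:
        return "ignore"
    expected = TRUSTED_BINDINGS.get(arp["sender_ip"])
    if expected is None:
        return "unbound"      # no trusted binding recorded for this IP
    # The ARP sender MAC and the Ethernet source MAC must both match the binding.
    if arp["sender_mac"] != expected or arp["eth_src"] != expected:
        return "alert"        # someone else is answering for the Gateway's IP
    return "ok"

def build_reply(src_mac, sender_ip, dst_mac, target_ip) -> bytes:
    """Build a constructed ARP reply frame used as sample input."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = to_mac(dst_mac) + to_mac(src_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    arp += to_mac(src_mac) + socket.inet_aton(sender_ip)
    arp += to_mac(dst_mac) + socket.inet_aton(target_ip)
    return eth + arp

# Constructed sample frames: a genuine Gateway reply and a forged one.
HOST_MAC, HOST_IP, FORGED_MAC = "02:00:00:00:00:10", "192.168.0.20", "02:00:00:00:00:66"
LEGIT = build_reply(GW_MAC, GW_IP, HOST_MAC, HOST_IP)
FORGED = build_reply(FORGED_MAC, GW_IP, HOST_MAC, HOST_IP)

if __name__ == "__main__":
    for name, frame in (("legit", LEGIT), ("forged", FORGED)):
        print(name, check_frame(frame))
```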