Manual

XMS-1024P
a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450
LUX-UG-XMS-1024P Vers: 081314
Suppose three Hosts on a LAN are connected to one another through a Switch.
Host A: IP Address is 192.168.0.101; MAC address is 00-00-00-11-11-11.
Host B: IP Address is 192.168.0.102; MAC address is 00-00-00-22-22-22.
Attacker: IP Address is 192.168.0.103; MAC address is 00-00-00-33-33-33.
The attacker sends the counterfeit ARP Response packets.
Upon receiving the ARP Response packets, Host A and Host B update their
ARP Tables.
When Host A communicates with Host B, it sends the packets to the counterfeit
destination MAC Address (i.e., to the attacker), using the updated ARP Table.
After receiving the communication packets between Host A and Host B, the attacker
processes and forwards the packets to the correct destination MAC Address, which
makes Host A and Host B maintain an uninterrupted normal-appearing connection.
The attacker continuously sends counterfeit ARP packets to Host A and Host B to get
the Hosts to maintain the counterfeit ARP Table.
Host A and Host B think their packets are directly sent to each other. But in fact there is
a Man-In-The-Middle stealing the packet information during communication.
ARP Flood Attack
In an ARP Flood attack, the attacker broadcasts a large number of fake ARP packets in
a Network to occupy the maximum amount of Network bandwidth possible. This can
result in a dramatic slowdown of Network speed. In the meantime, the Gateway learns
the false IP Address-to-MAC Address mapping entries from these ARP packets and
updates its ARP table. As a result, the ARP table is filled with false entries and is unable
to learn the ARP entries of valid Hosts. This causes the valid Hosts to lose access to all
internal and external Networks.
The IP-MAC Binding function allows the Switch to bind the IP Address, MAC address,
VLAN ID and Port Number of the Host together when the Host connects to the Switch.
Based on the predefined IP-MAC Binding entries, the ARP Inspection function can be
used to detect ARP packets and filter counterfeit ARP packets to prevent ARP attacks.
The ARP Inspection function is implemented on the ARP Detection, ARP Defense and
ARP Statistics pages.
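The following added example (not Luxul's firmware logic) models how a check against IP-MAC Binding entries separates a genuine ARP reply from the counterfeit one in the scenario above. The VLAN ID, the port numbers, the `inspect` function and the policy of dropping senders that have no binding are assumptions.

```python
import socket
import struct

# Constructed binding table: (IP Address, MAC address, VLAN ID, Port Number).
# Hosts are taken from the scenario above; VLAN 1 and ports 1-3 are assumed.
BINDINGS = [
    ("192.168.0.101", "00-00-00-11-11-11", 1, 1),  # Host A
    ("192.168.0.102", "00-00-00-22-22-22", 1, 2),  # Host B
    ("192.168.0.103", "00-00-00-33-33-33", 1, 3),  # Attacker's own identity
]

# Constructed 28-byte ARP payloads (Ethernet/IPv4, opcode 2 = reply).
# Layout: htype ptype hlen plen oper | sender MAC | sender IP | target MAC | target IP
HEADER = "0001080006040002"
TARGET_A = "000000111111" + "c0a80065"  # Host A, 192.168.0.101
# Host B answering Host A with its real MAC.
GENUINE_REPLY = bytes.fromhex(HEADER + "000000222222" + "c0a80066" + TARGET_A)
# Reply claiming Host B's IP but carrying the attacker's MAC.
FORGED_REPLY = bytes.fromhex(HEADER + "000000333333" + "c0a80066" + TARGET_A)


def inspect(arp: bytes, vlan: int, port: int):
    """Return (verdict, reason) for an ARP payload received on vlan/port."""
    if len(arp) < 28:
        return ("drop", "truncated ARP payload")
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", arp[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return ("drop", "not Ethernet/IPv4 ARP")
    ip = socket.inet_ntoa(spa)
    mac = "-".join(f"{b:02X}" for b in sha)
    for b_ip, b_mac, b_vlan, b_port in BINDINGS:
        if b_ip == ip:
            # All four bound fields must agree with what was observed.
            if (b_mac.upper(), b_vlan, b_port) == (mac, vlan, port):
                return ("forward", "matches binding")
            return ("drop",
                    f"{ip} is bound to {b_mac} on VLAN {b_vlan} port {b_port}")
    return ("drop", f"no binding for {ip}")  # assumed policy for unbound senders


if __name__ == "__main__":
    print(inspect(GENUINE_REPLY, vlan=1, port=2))
    print(inspect(FORGED_REPLY, vlan=1, port=3))
```

The second call is dropped because the sender IP 192.168.0.102 is bound to Host B's MAC address and port, not to the MAC address and port the packet arrived with.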
12.2.1 ARP Detection
Allows the Switch to detect ARP packets based on the Bound Entries in the IP-MAC
Binding Table and filter counterfeit ARP packets to prevent ARP attacks.