Wednesday, September 5, 2012

How Address Resolution Protocol (ARP) Attacks Affect VLANs

A VLAN (Virtual LAN) partitions a physical network so that distinct broadcast domains are created. Regardless of where a server is located, a VLAN lets each host communicate on a private network segment. It gives users a separate network segment, with the added benefit of saving bandwidth and equipment, thus helping companies reduce costs.

VLANs are well suited to private network connections; however, they are not particularly secure. A VLAN operates at layer 2 of the OSI model, the data link layer. Although each OSI layer is independent, the layers are interrelated: a problem in one layer also affects the data transfer of the other layers. The potential security threats are:

Address Resolution Protocol (ARP) Spoofing
ARP works by resolving a layer 3 IP address to its corresponding layer 2 MAC address.

A malicious user can forge both the IP address and the MAC address. ARP has no way to detect forged information, which causes security problems: the malicious user is mistaken for a legitimate user, is free to use network resources, and may gain administrator access. Furthermore, they can even send ARP packets to the devices in the VLAN.

When the hacker sends an ARP packet to the targeted victim, the packet goes undetected because the victim's ARP table has already been poisoned with the forged entry. The hacker can then receive the messages actually intended for the device, and can even attempt to receive information from other network devices. Afterwards, the hacker hides his or her identity by restoring the ARP table and the network equipment to their normal state.

Well-known ARP spoofing tools include arpspoof, Arpoison, Cain and Abel, Ettercap, and Trapper, which is inspired by Cain.

An effective strategy for dealing with ARP attacks is Dynamic ARP Inspection (DAI). DAI is a security feature that validates ARP packets on the network by inspecting the IP address and MAC address carried in each ARP packet.
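To make the poisoning described above and the DAI check concrete, here is an added example (not code from the original post or from any vendor) that simulates what DAI does on a switch: every ARP packet arriving on an untrusted port has its sender IP/MAC binding compared against a trusted table (on a real Cisco switch this is the DHCP snooping binding database), and packets whose binding does not match are dropped and logged. It also records when a new MAC claims an IP that was previously seen with a different MAC, which is the trace an ARP spoofing attempt leaves in the traffic. The VLAN number, port names, IP addresses, MAC addresses and the binding table are all constructed for the example.

```python
"""Simulated Dynamic ARP Inspection (DAI) over constructed ARP packets.

Added example, not from the original article. Models the DAI check:
sender IP/MAC bindings on untrusted ports are compared against a trusted
binding table and mismatches are dropped; binding flips are recorded.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ArpPacket:
    vlan: int
    port: str          # ingress switch port (constructed naming, e.g. "Gi1/0/3")
    sender_ip: str     # ARP sender protocol address
    sender_mac: str    # ARP sender hardware address
    opcode: int        # 1 = request, 2 = reply


@dataclass
class DaiResult:
    forwarded: List[ArpPacket] = field(default_factory=list)
    dropped: List[Tuple[ArpPacket, str]] = field(default_factory=list)
    # ((vlan, ip), previous MAC, new MAC): bindings that changed mid-capture
    flips: List[Tuple[Tuple[int, str], str, str]] = field(default_factory=list)
    _last_mac: Dict[Tuple[int, str], str] = field(default_factory=dict)


# Constructed binding table standing in for what DHCP snooping would learn.
TRUSTED_BINDINGS: Dict[Tuple[int, str], str] = {
    (10, "10.0.10.1"): "00:11:22:33:44:01",   # default gateway
    (10, "10.0.10.20"): "00:11:22:33:44:20",  # host A
    (10, "10.0.10.21"): "00:11:22:33:44:21",  # host B
}

# Ports DAI does not validate, e.g. an uplink from a switch that performs
# its own inspection. Constructed for this example.
TRUSTED_PORTS = {"Gi1/0/48"}


def inspect(packets, bindings=TRUSTED_BINDINGS, trusted_ports=TRUSTED_PORTS,
            dai_vlans=(10,)) -> DaiResult:
    """Apply DAI-style validation to each packet and collect the outcome."""
    result = DaiResult()
    for pkt in packets:
        key = (pkt.vlan, pkt.sender_ip)
        mac = pkt.sender_mac.lower()

        # Track binding changes regardless of verdict: a flip of the MAC
        # behind an IP is what a monitoring tool would alert on.
        prev = result._last_mac.get(key)
        if prev is not None and prev != mac:
            result.flips.append((key, prev, mac))
        result._last_mac[key] = mac

        # DAI only applies to configured VLANs and untrusted ports.
        if pkt.vlan not in dai_vlans or pkt.port in trusted_ports:
            result.forwarded.append(pkt)
            continue

        expected = bindings.get(key)
        if expected is None:
            result.dropped.append((pkt, "no trusted binding for sender IP"))
        elif expected.lower() != mac:
            result.dropped.append(
                (pkt, f"sender MAC {mac} does not match binding {expected}"))
        else:
            result.forwarded.append(pkt)
    return result


def summary(result: DaiResult) -> Dict[str, int]:
    """Counts a defender would put on a dashboard."""
    return {"forwarded": len(result.forwarded),
            "dropped": len(result.dropped),
            "flips": len(result.flips)}


# Constructed capture: legitimate replies, one forged reply claiming the
# gateway IP from host B's port, one unknown host, one packet on the
# trusted uplink, and one packet on a VLAN where DAI is not enabled.
SAMPLE_PACKETS = [
    ArpPacket(10, "Gi1/0/1", "10.0.10.1", "00:11:22:33:44:01", 2),
    ArpPacket(10, "Gi1/0/2", "10.0.10.20", "00:11:22:33:44:20", 2),
    ArpPacket(10, "Gi1/0/3", "10.0.10.1", "00:11:22:33:44:21", 2),
    ArpPacket(10, "Gi1/0/4", "10.0.10.99", "00:11:22:33:44:99", 1),
    ArpPacket(10, "Gi1/0/48", "10.0.10.50", "00:11:22:33:44:50", 2),
    ArpPacket(20, "Gi1/0/5", "10.0.20.7", "00:11:22:33:44:07", 2),
]

if __name__ == "__main__":
    res = inspect(SAMPLE_PACKETS)
    for pkt, reason in res.dropped:
        print(f"DROP vlan {pkt.vlan} port {pkt.port} "
              f"{pkt.sender_ip} -> {pkt.sender_mac}: {reason}")
    for key, old, new in res.flips:
        print(f"FLIP vlan {key[0]} ip {key[1]}: {old} -> {new}")
    print(summary(res))
```

Two points from the simulation carry over to a real deployment: the packet from the unknown host is dropped even though it is not malicious, which is why DAI relies on a complete DHCP snooping table (statically addressed hosts need ARP ACL entries or they lose connectivity), and the packet on the trusted uplink is never examined, so trust should be granted only to ports whose other side is itself inspected.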

Steps to configure the router to prevent ARP attacks (enabling DAI on a VLAN in a Cisco DHCP environment):
  1. Enter global configuration mode:
     Router# configure terminal
  2. Enable DAI on the VLAN(s) with the ip arp inspection vlan {vlan_ID | vlan_range} global configuration command:
     Router(config)# ip arp inspection vlan {vlan_ID | vlan_range}
  3. Finally, verify the configuration:
     Router(config)# do show ip arp inspection vlan {vlan_ID | vlan_range} | begin Vlan

4 comments:

  1. The article you've shared here is fantastic because it provides some excellent information that will be incredibly beneficial to me. Thank you for sharing that. Keep up the good work. Ethical Hacker For Hire
  2. Hi everyone, it's my first visit to this web site, and this piece of writing is really fruitful for me. Quality content is the key to inviting users to go and see the site, and that's what this website is providing. Keep posting these articles or reviews. You can also visit Top Antivirus for pc for more related information and knowledge.
  3. You composed this post carefully, which is beneficial for us. I got some different kinds of information from your article, and I will suggest reading this article to those who need this info. Thanks for sharing it. certified hackers for hire
  4. IoT SIM cards that can be used anywhere in the world are revolutionizing international business. These Roaming IoT SIM Card provide a comprehensive solution for enterprises with international operations, including supply chain management and energy monitoring. Global, real-time data sharing improves optimization and decision-making processes. It's remarkable how technology is eliminating borders and increasing productivity.