This tug-of-war continues between the intruder and the real host
that is claiming the same MAC address, thereby confusing the switch CAM table and causing repetitive rewrites
of MAC table entries. This not only causes a denial of service to the real host, but also has a performance impact
on the switch because the intruder sends a large number of forged MAC addresses.
MAC Spoofing Attack Mitigation
MAC spoofing attacks are mitigated with the Port Security feature, using a technique similar to the one used
for CAM table overflow mitigation. Port security is discussed in detail in Chapter 4, with configuration
examples.
ARP Spoofing Attack
An ARP spoofing attack is a method in which an intruder disguises its source MAC address by impersonating
another host on the network. In ARP spoofing, the switch is misled by poisoning the ARP cache. ARP spoofing
is generally not an end in itself; it is used to make other attacks, such as DoS and MITM-type attacks, possible.
Background
Communication over Ethernet depends on ARP, with hosts sending and receiving ARP messages to resolve
addresses. ARP is a Layer 2 protocol that is used by the IP protocol to map network addresses
(32-bit IP addresses) to hardware addresses (48-bit MAC addresses), providing IP-to-MAC resolution.
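The two symptoms described above, an IP address that suddenly answers from a second MAC address (ARP cache poisoning) and a MAC address that keeps moving between switch ports (the CAM table tug-of-war of MAC spoofing), can both be spotted from a record of observed ARP replies. The following Python detector is an added example, not from this book; the ARP replies, MAC addresses and port names it processes are constructed sample data.

```python
from collections import defaultdict

# Constructed sample of ARP replies seen on a monitoring port:
# (sender IP, sender MAC, switch port the frame arrived on). All values are made up.
ARP_REPLIES = [
    ("10.0.0.1", "00:11:22:33:44:01", "Gi0/1"),   # legitimate gateway
    ("10.0.0.5", "00:11:22:33:44:05", "Gi0/5"),   # legitimate host
    ("10.0.0.1", "00:11:22:33:44:01", "Gi0/1"),
    ("10.0.0.1", "de:ad:be:ef:00:99", "Gi0/9"),   # gateway IP now claimed by a second MAC
    ("10.0.0.5", "00:11:22:33:44:05", "Gi0/9"),   # host MAC shows up on another port
    ("10.0.0.5", "00:11:22:33:44:05", "Gi0/5"),   # ...and moves back: CAM table flap
]


def detect_arp_conflicts(replies):
    """Return {ip: [mac, ...]} for every IP that was answered by more than one MAC.

    One IP bound to two different sender MACs across ARP replies is the
    signature of ARP cache poisoning: a second station is claiming the address.
    """
    macs_by_ip = defaultdict(list)
    for ip, mac, _port in replies:
        if mac not in macs_by_ip[ip]:
            macs_by_ip[ip].append(mac)
    return {ip: macs for ip, macs in macs_by_ip.items() if len(macs) > 1}


def detect_mac_flaps(replies, threshold=2):
    """Return {mac: moves} for every MAC that changed switch port at least `threshold` times.

    Each move forces the switch to rewrite its CAM table entry for that MAC;
    repeated moves are the tug-of-war between a spoofing station and the real host.
    """
    last_port = {}
    moves = defaultdict(int)
    for _ip, mac, port in replies:
        if mac in last_port and last_port[mac] != port:
            moves[mac] += 1
        last_port[mac] = port
    return {mac: n for mac, n in moves.items() if n >= threshold}


if __name__ == "__main__":
    print("ARP conflicts:", detect_arp_conflicts(ARP_REPLIES))
    print("CAM flaps:", detect_mac_flaps(ARP_REPLIES))
```

In a real deployment the reply list would come from a SPAN session or from the switch's own `show mac address-table` output polled over time, and the thresholds would be tuned to the network's normal rate of legitimate host moves.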