From the course: Cisco Network Security: Secure Routing and Switching

Dynamic ARP inspection

- [Instructor] Address Resolution Protocol is used to resolve an IP address to a physical address. ARP can fall victim to spoofing, where the attacker sends spoofed ARP messages and poisons the cache. Traffic then goes to the spoofed machine instead of to the gateway. I wanted to show you what this type of attack looks like in Wireshark. Now, what I'll do is filter by ARP and I only want to see the replies, so I'll apply a filter to see only the replies. Now, when looking at this, here's what we'll look at. You can see the IP address 192.168.47.1 is at the MAC address ending in b1 but we also see 47.2 is at the MAC address ending at b1 and also .200 is at the MAC address ending at b1, so this effectively poisons the cache. You'll want to protect against this type of attack. Dynamic ARP Inspection rejects invalid and malicious ARP packets. Dynamic ARP Inspection relies on DHCP snooping. Together, they prevent ARP cache…
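The pattern the instructor points out in the capture (several IP addresses all answering from one MAC) can be checked for mechanically. The Python below is an added example, not part of the course material: it parses raw ARP payloads, reports any MAC that claims more than one IP in replies, and applies a DAI-style comparison against a trusted IP-to-MAC table. The full MAC addresses, the 192.168.47.130 host and the binding table are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

ARP_REPLY = 2
ATTACKER = "00:0c:29:aa:bb:b1"  # constructed; the page only says the MAC ends in b1
# Constructed trusted IP -> MAC table (the role DHCP snooping bindings play for DAI)
BINDINGS = {"192.168.47.1": "00:50:56:00:00:01", "192.168.47.2": "00:50:56:00:00:02",
            "192.168.47.200": "00:50:56:00:00:c8", "192.168.47.130": "00:0c:29:00:00:82"}

def build_arp(op, smac, sip, tip):
    """Pack a 28-byte Ethernet/IPv4 ARP payload (used only to build sample data)."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       bytes.fromhex(smac.replace(":", "")), socket.inet_aton(sip),
                       bytes(6), socket.inet_aton(tip))

# Constructed capture: three spoofed replies plus one legitimate reply
SAMPLE = [build_arp(ARP_REPLY, ATTACKER, ip, "192.168.47.130")
          for ip in ("192.168.47.1", "192.168.47.2", "192.168.47.200")]
SAMPLE.append(build_arp(ARP_REPLY, "00:0c:29:00:00:82", "192.168.47.130", "192.168.47.1"))

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op, smac, sip = struct.unpack("!HHBBH6s4s", payload[:18])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, smac.hex(":"), socket.inet_ntoa(sip)

def macs_claiming_many_ips(payloads):
    """Collect sender IPs per sender MAC from ARP replies; keep MACs with more than one IP."""
    seen = defaultdict(set)
    for p in payloads:
        parsed = parse_arp(p)
        if parsed and parsed[0] == ARP_REPLY:
            seen[parsed[1]].add(parsed[2])
    return {mac: sorted(ips) for mac, ips in seen.items() if len(ips) > 1}

def violates_bindings(payloads, bindings):
    """List (ip, mac) sender pairs that contradict, or are missing from, the trusted table."""
    bad = []
    for p in payloads:
        parsed = parse_arp(p)
        if parsed and bindings.get(parsed[2]) != parsed[1]:
            bad.append((parsed[2], parsed[1]))
    return bad

if __name__ == "__main__":
    print(macs_claiming_many_ips(SAMPLE))
    print(violates_bindings(SAMPLE, BINDINGS))
```

A MAC that legitimately holds several addresses (a router with secondary IPs, for example) will also show up in the first check, so the comparison against known bindings is the stronger signal.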
