I'm so happy seeing guys venture into my domain. I love your work and I would love to ask a question. How do one mitigate IP spoofing attacks based on address resolution protocol impersonation?
You are viewing a single comment's thread from:
I'm so happy seeing guys venture into my domain. I love your work and I would love to ask a question. How do one mitigate IP spoofing attacks based on address resolution protocol impersonation?
First, there are different techniques used to identify spoofing via arp. Softwares can be implemented but I will just give a quick info not going too deep. You know that arp works mainly on LAN to request and recognize the mac address and ip address of different host in the same network when sent with respect to the ip address. When an arp request is being sent, the distinct host replies with both the ip address and the MAC address in unicast(one to one) depends though. And all these contains packets that is packaged in a frame that is transmitted in the network. Thus, one solution is implementing Reverse path forwarding. In the place where I work, we make use of Fortigate firewall which perform this aspect of RPF. Fortigate is owned by Fortinet which tries as much to enhance network security on different enterprise. We make use of forti analyzer, forticlient in compliance with fortigate(on an end user computer). Our firewall blocks ip packets from reaching a destination if it does not belong to the routing domain and if its subnet is corresponding our network. Also, since arp is mainly used by switches, security measures can be taken in the area of the switch but that depends on the process you want to use. One is port security on the switch.
A very nice response but I have a little correction to make, address resolution protocol is used by a host within a LAN to identify the MAC address. Hence, it already knows the IP address, so only the MAC address is returned after a successful ARP. Also you answered my question from a layer 7 perspective but I was expecting you to answer the question from a layer 3 to layer 1 perspective, though your answer is purely valid and helpful. Thanks buddy.
Thanks buddy..in my response I quoted "in respect to the ip address". and to correct you too, In the format of arp, when replying, the ip address and the MAC is sent back to the host together. if you need the layer 1 to 3, then you can consider..port security, dynamic arp inspection and T-Arp as well. in additiion, fortigate does not only work in layer 7, because its configuration is done exactly like when configuring a router or a switch as it has its own CLI. you can check it out if your are interested
The address resolution protocol is a broadcast that says "hey buddies, I have this layer 3 address, does anyone of you bear the same address?" If any host has such ip address, it responds with "hey man, I heard someone is looking for my physical address, take, this is it". Of course every frame has source and destination field but that's not part of the response of an arp like you stated. Also I said the information you provided was would be useful to me. Thanks anyways
We are here to learn and nothing stop us from becoming highly knowledgeable in any particular niche. Had learnt so many things that would not have been possible without steemit.
This your question shows your versed, and I do hope the author @wisdomdavid provides a good answer to this question.
Oh😱! I see he has "wisdom" to his name. He must be a genius😂
This article worth consulting by those researching on similar topic.
Regards
@eurogee of @euronation and @steemstem communities
thanks so much for stopping by @eurogee. I do appreciate your presence😄