Network Management: An Introduction to DoS Attacks and ARP Spoofing

Used Products:
× 1
General Product

When talking about network management, security is always an important issue. With the growing awareness towards data and network security, everyone's eager to find out how to keep themselves safe from potential cyberattackers sneaking around every corner. To better recognize if you’re under attack and how to deal with network security issues, understanding them is a prerequisite. Let’s get started with two common attacks.

1. DoS attacks

A DoS (Denial-of-Service) attack makes use of a defect in network protocols and directly exhausts the resources of an attacked target by flooding it with server requests. The purpose is to prevent the target computer or network from providing normal service. After being attacked, the service system stops responding and even collapses. It’s easier to imagine all of this if you think of your computer and network as a restaurant.

Let’s say you’re waiting for a table, but some people inside intentionally occupy every single one but don’t order or pay for meals. If nothing changes, this exhausts the resources of the restaurant. What’s more, there might be other people blocking the door preventing customers from getting in. In this way, the restaurant fails to offer normal services to the customers waiting outside. This resembles a DoS attack taking place on a network.

As discussed above, DoS attacks can lead to a lack of resources that should be offered to network users. Such an attack cannot be avoided no matter how fast the computer can process data, how much memory capacity it has, or its amount of network bandwidth. Typical symptoms include:

  • Unusually slow network performance;
  • A particular website being unavailable;
  • Inability to access websites;
  • Unusual increases in the number of spam emails.

When you find that you are faced by any of the above, your network may be under a DoS attack. Consider enabling a DoS protection tool to monitor the number of traffic packets and identify the abnormal situation in time.

2. IP & MAC binding against ARP spoofing and attacks

IP & MAC binding, as its name suggested, helps increase network security through binding the IP address and the MAC address. It’s used for preventing ARP (Address Resolution Protocol) spoofing and attacks. But what is ARP and how do hackers exploit its vulnerabilities?

To begin with, ARP is a communication protocol for discovering the link layer address like a MAC address. When one network device wants to share data with another one, they need to know the corresponding IP address. However, they cannot identify the IP address directly and the ARP helps associate the IP address and the MAC address of a device. In this way, the packet will be sent to the desired receiver. The whole process is implemented based on trusting all the nodes in a network. Trust is good because it improves efficiency, but a problem arises: when a fake MAC address is deliberately created, the data will be sent to a wrong device.

Take international delivery as an example. If a package is sent to America, but the address is in another language, say Korean, and the local courier fails to recognize the address and has to ask the local neighborhood: do you recognize this address? One local recipient answers and tells the courier the Korean address matches his apartment. The American courier connects the Korean address (the IP address) with a local address (the MAC address).

However, if someone who is not the recipient jumps out before the real recipient and tells the courier that the Korean address refers to their apartment (a fake MAC address), the package will be sent to the wrong place. This scenario reflects an ARP spoofing occuring. In networking, common symptoms of ARP attacks include:

  • Slow network performance or even inability to open websites;
  • Prompts of IP address conflicts;
  • LAN breaking down;
  • Leakage of information, such as username and password.

To prevent a network breaking down and data leakage from happening, we can match the IP address and MAC address in advance, and then the communication will not be intercepted by the fake MAC address. In other words, this will prevent ARP spoofing and other ARP attacks by denying network access to a device with a matching IP address but unrecognized MAC address.

Now that you recognize two of the more common cyberattacks, you can better prepare your network’s defenses. To learn more about these feature configurations, go to the Download Center to download the User Guide of your product.