When it comes to ARP Protocol, I believe network engineers will not be unfamiliar with it. About ARP Protocol, next, SPOTO spotodumps will analyze it in detail from three aspects: what is ARP Protocol, the function of ARP Protocol and the security of ARP Protocol.
What Is ARP Protocol?
Before understanding a thing, we often look at its definition, so what is ARP Protocol? ARP Protocol is the abbreviation of Address Resolution Protocol. It is a TCP / IP protocol that obtains physical address according to IP address. The Address Resolution Protocol was described and developed by the Internet Engineering Task Force in RFC 826 issued in November 1982. Address Resolution Protocol is an essential protocol in IPv4, which is a widely used Internet Protocol version.
What Is the Function of ARP Protocol?
In network communication, the communication between host and host needs to encapsulate and de encapsulate the data packet according to the OSI Model, which requires not only the source destination IP address, but also the source destination MAC address
When it comes to ARP Protocol, I believe network engineers will not be unfamiliar with it. About ARP Protocol, next, SPOTO will analyze it in detail from three aspects: what is ARP Protocol, the function of ARP Protocol and the security of ARP Protocol.
What Is ARP Protocol?
Before understanding a thing, we often look at its definition, so what is ARP Protocol? ARP Protocol is the abbreviation of Address Resolution Protocol. It is a TCP / IP protocol that obtains physical address according to IP address. The Address Resolution Protocol was described and developed by the Internet Engineering Task Force in RFC 826 issued in November 1982. Address Resolution Protocol is an essential protocol in IPv4, which is a widely used Internet Protocol version.
What Is the Function of ARP Protocol?
In network communication, the communication between host and host needs to encapsulate and de encapsulate the data packet according to the OSI Model, which requires not only the source destination IP address, but also the source destination MAC address. Where does the MAC address come from? Generally, the upper layer application only knows the IP address and does not care about the MAC address, Therefore, it is necessary to know the destination MAC address through a protocol to complete the data encapsulation. This protocol is the work of ARP protocol. Using the Address Resolution Protocol, the target hardware address (MAC address) information can be resolved according to the IP address information in the IP packet header of the network layer to ensure the smooth progress of communication.
That is, when sending information, the host broadcasts the ARP request containing the target IP address to all hosts on the local area network and receives the return message to determine the physical address of the target. After receiving the return message, the IP address and physical address are stored in the local ARP cache and kept for a certain time. The next request directly queries the ARP cache to save resources.
Security of ARP Protocol
ARP provides simple and efficient functions, but like all network protocols, it is not perfect. Its imperfection is mainly reflected in its insecurity. Its insecurity mainly comes from ARP Spoofing. So what is ARP Spoofing?
The Address Resolution Protocol is based on mutual trust among hosts in the network. Hosts in the local area network can independently send ARP response messages. When other hosts receive the response message, they will not detect the authenticity of the message and will record it into the local ARP cache. Thus, the attacker can send a pseudo ARP response message to a host, so that the information sent can’t reach the expected host or the wrong host, which constitutes an ARP Spoofing.
Then, if an attacker sends a forged ARP message, maliciously modifies the ARP table entries of the gateway or other hosts in the network, or sends a large number of forged ARP response messages, resulting in the overflow of the host ARP table entries, resulting in the failure to cache the normal ARP table entries, thus affecting the normal forwarding of the message, this is the famous denial of service attack (DDoS) or ARP flooding attack. These two attacks will lead to network instability, resulting in users unable to access the Internet or enterprise disconnection, leading to major production accidents, illegally obtaining the account and password of the game, online banking, file service and other systems, causing heavy losses to the interests of the attacker.
In case of these attacks, two things should be done: one is to ensure that ARP Spoofing packets are not received, and the other is to ensure that ARP Spoofing packets are not trusted and directly discarded after receiving them. How to achieve this? Install ARP Firewall or manually bind the mapping relationship between LAN IP and MAC. find here for exam dump