Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter Guia Do Desenho
4-43
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4 Cisco Unified Wireless Network Architecture—Base Security Features
Cisco Integrated Security Features
Figure 4-34
Dynamic ARP Inspection
Effectiveness of DAI
In the example of
, the attack is completely successful only when the traffic remains local to
the H-REAP and never goes through the switch. Usually, the interesting traffic for an attacker, such as
passwords and account information, travels from the wireless client to the wired network (server or
Internet), so this is not too harmful.
passwords and account information, travels from the wireless client to the wired network (server or
Internet), so this is not too harmful.
The scenario where the default gateway and a wireless client are the attack targets can be called a
half-duplex MIM attack. Ettercap is able to modify the ARP table of the wireless user that is now sending
all the traffic to the intruder, but the GARP to the default gateway is intercepted by the switch and a
message is logged, as shown in the following example:
half-duplex MIM attack. Ettercap is able to modify the ARP table of the wireless user that is now sending
all the traffic to the intruder, but the GARP to the default gateway is intercepted by the switch and a
message is logged, as shown in the following example:
4507-ESE#sh ip arp inspection log
Total Log Buffer Size : 32
Syslog rate : 5 entries per 1 seconds.
Interface Vlan Sender MAC Sender IP Num of Pkts Reason
---------- ---- -------------- --------------- ----------- ------
Fa3/26 20 00d0.5937.7acc 10.20.1.100 1(11:07:48 PDT Wed Feb 3 2003) DHCP
Deny
Fa3/26 20 00d0.5937.7acc 10.20.1.100 1(11:07:48 PDT Tue Feb 3 2003) DHCP
Deny
Fa3/26 20 00d0.5937.7acc 10.20.1.100 1(11:07:48 PDT Tue Feb 3 2003) DHCP
Deny
Fa3/26 20 00d0.5937.7acc 10.20.1.100 1(11:07:48 PDT Tue Feb 3 2003) DHCP
Deny
Fa3/26 20 00d0.5937.7acc 10.20.1.100 1(11:07:48 PDT Tue Feb 3 2003) DHCP
Deny
Fa3/26 20 00d0.5937.7acc 10.20.1.100 1(11:07:48 PDT Tue Feb 3 2003) DHCP
Deny
Fa3/26 20 00d0.5937.7acc 10.20.1.100 1(11:07:48 PDT Tue Feb 3 2003) DHCP
Deny
Fa3/26 20 00d0.5937.7acc 10.20.1.100 1(11:07:48 PDT Tue Feb 3 2003) DHCP
Deny
Fa3/26 20 00d0.5937.7acc 10.20.1.100 1(11:07:48 PDT Tue Feb 3 2003) DHCP
Deny
Fa3/26 20 00d0.5937.7acc 10.20.1.100 1(11:07:48 PDT Tue Feb 3 2003) DHCP
Deny
Interface Vlan Sender MAC Sender IP Num of Pkts Reason
---------- ---- -------------- --------------- ----------- ------
Fa3/26 20 00d0.5937.7acc 10.20.1.100 1(11:07:49 PDT Tue Feb 3 2003) DHCP Deny
H-REAP
190376
LWAPP
Target 10.1.1.40
MAC = Z
Target 10.1.1.30
MAC = Y
Attacker 10.1.1.20
MAC = B
Default
Gateway
10.1.1.1
GARP
10.1.1.30 MAC_B
GARP
10.1.1.40 MAC_B