5.6. ARP Tables

Like routers, switches maintain ARP tables that map a logical address, such as an IP address, to a physical address, usually a MAC address. In a switched environment the ARP table is normally very static: the MAC address of a network card does not normally change, and the IP address associated with a machine also remains relatively constant. Unfortunately, most switches are susceptible to ARP attacks, which can render a switch unusable or be used to gather information about the topology of a network.
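Because the table is expected to stay static, comparing a saved snapshot with the current one shows when it stops being static. The following is an added example, not code from the book: it assumes the text layout of Cisco IOS `show ip arp` output, the function names `parse_arp` and `diff_arp` are hypothetical, and both snapshots are constructed sample data using documentation address ranges.

```python
import re

# Constructed sample snapshots in "show ip arp" layout (not from the book).
BASELINE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0000.5e00.5301  ARPA   Vlan10
Internet  192.0.2.10             12   0000.5e00.5310  ARPA   Vlan10
Internet  192.0.2.11              3   0000.5e00.5311  ARPA   Vlan10
"""

CURRENT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0000.5e00.5301  ARPA   Vlan10
Internet  192.0.2.10              0   0000.5e00.53ff  ARPA   Vlan10
Internet  192.0.2.11              0   0000.5e00.53ff  ARPA   Vlan10
Internet  192.0.2.12              0   Incomplete      ARPA
"""

# One resolved entry: protocol, IPv4 address, age ("-" or minutes), dotted MAC, type.
ROW = re.compile(
    r"^Internet\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(?:-|\d+)\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA", re.I)

def parse_arp(text):
    """Return {ip: mac} for resolved entries; header and Incomplete rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def diff_arp(baseline, current):
    """Compare two snapshots and report deviations from the baseline."""
    old, new = parse_arp(baseline), parse_arp(current)
    # IPs present in both snapshots whose MAC address is no longer the same.
    changed = {ip: (old[ip], new[ip]) for ip in old if ip in new and old[ip] != new[ip]}
    # MAC addresses that now answer for more than one IP address.
    by_mac = {}
    for ip, mac in new.items():
        by_mac.setdefault(mac, []).append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    added = sorted(set(new) - set(old))
    return {"changed": changed, "shared_mac": shared, "new_ips": added}

if __name__ == "__main__":
    for kind, items in diff_arp(BASELINE, CURRENT).items():
        print(kind, items)
```

A MAC address shared by several IPs can be legitimate (proxy ARP, a multi-homed host), so treat the output as entries to review against the known inventory rather than as a verdict.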

In November 2001, Cisco released a security warning about ARP table vulnerabilities in most versions of its IOS software. An ARP request received by a router interface, but with a different MAC address for that interface, ...
