How can I use policies to combat Denial of Service Attacks?

  • 0
  • 1
  • Article
  • Updated 5 years ago
  • (Edited)
Article ID: 9372 

A hacker can easily associate an operationally significant IP address to a false MAC address. For instance, a hacker can send an ARP Reply associating a gateway?s IP address for a network with a MAC address that doesn't exist or one that does. Your computers believe the layer 2 destination of your default gateway, but in reality they're sending any packet whose destination is not on the local segment to a nonexistent layer 2 address. In one move, the hacker has cut off your trusted host from all communication outside the local network. 

The denial of service attack can be stopped by applying a policy on user ports that denies any traffic with a source IP address equal to the gateway. This works because the matrix products treat ARP packets as IP packets. This rule would drop any ARP reply packet coming from a user with a source protocol address equal to the gateway.
Photo of FAQ User

FAQ User, Official Rep

  • 13,620 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.