Article ID: 9372
A hacker can easily associate an operationally significant IP address to a false MAC address. For instance, a hacker can send an ARP Reply associating a gateway?s IP address for a network with a MAC address that doesn't exist or one that does. Your computers believe the layer 2 destination of your default gateway, but in reality they're sending any packet whose destination is not on the local segment to a nonexistent layer 2 address. In one move, the hacker has cut off your trusted host from all communication outside the local network.
The denial of service attack can be stopped by applying a policy on user ports that denies any traffic with a source IP address equal to the gateway. This works because the matrix products treat ARP packets as IP packets. This rule would drop any ARP reply packet coming from a user with a source protocol address equal to the gateway.