topic How can I use policies to combat Denial of Service Attacks? in FAQs https://community.extremenetworks.com/t5/faqs/how-can-i-use-policies-to-combat-denial-of-service-attacks/m-p/46813#M419 Article ID: 9372 <BR /> <BR /> A hacker can easily associate an operationally significant IP address to a false MAC address. For instance, a hacker can send an ARP Reply associating a gateway?s IP address for a network with a MAC address that doesn't exist or one that does. Your computers believe the layer 2 destination of your default gateway, but in reality they're sending any packet whose destination is not on the local segment to a nonexistent layer 2 address. In one move, the hacker has cut off your trusted host from all communication outside the local network. <BR /> <BR /> The denial of service attack can be stopped by applying a policy on user ports that denies any traffic with a source IP address equal to the gateway. This works because the matrix products treat ARP packets as IP packets. This rule would drop any ARP reply packet coming from a user with a source protocol address equal to the gateway. Thu, 05 Sep 2013 06:03:00 GMT FAQ_User 2013-09-05T06:03:00Z How can I use policies to combat Denial of Service Attacks? https://community.extremenetworks.com/t5/faqs/how-can-i-use-policies-to-combat-denial-of-service-attacks/m-p/46813#M419 Article ID: 9372 <BR /> <BR /> A hacker can easily associate an operationally significant IP address to a false MAC address. For instance, a hacker can send an ARP Reply associating a gateway?s IP address for a network with a MAC address that doesn't exist or one that does. Your computers believe the layer 2 destination of your default gateway, but in reality they're sending any packet whose destination is not on the local segment to a nonexistent layer 2 address. In one move, the hacker has cut off your trusted host from all communication outside the local network. <BR /> <BR /> The denial of service attack can be stopped by applying a policy on user ports that denies any traffic with a source IP address equal to the gateway. This works because the matrix products treat ARP packets as IP packets. This rule would drop any ARP reply packet coming from a user with a source protocol address equal to the gateway. Thu, 05 Sep 2013 06:03:00 GMT https://community.extremenetworks.com/t5/faqs/how-can-i-use-policies-to-combat-denial-of-service-attacks/m-p/46813#M419 FAQ_User 2013-09-05T06:03:00Z