Hi all,
I imagine a scenario like here with topology
Client A (set manually IP address) ---------- Switch ------------- Client B (Hacker)
Client A and B same VLAN and switch configure DHCP snooping, DAI, IP source guard to prevent DHCP attack, ARP attack, Spoofing attack. However, the client A set manually IP address
In the situation, Client A doesn't have information on DHCP snooping database so Switch doesn't flood frame to access the Internet, does it?
The same, when Client B deploys arp spoofing with MAC's Client A to connect another client, the switch will discards packet because it doesn't see any MAC's A on DHCP snooping database, won't it?
Please correct me if I think wrong.
Thanks and best regards,
Hoang Nguyen Huy
↧
Switch configure DHCP snooping, however end-user set IP address manually
↧