Friday, June 8, 2012

Dynamic ARP Inspection (DAI)
  • Switch uses DAI to prevent certain types of attacks.
  • To do this, the switch examines the IP ARP messages that pass through it.
  • ARP message includes 4 important addressing fields:
    • Source MAC & IP address of the sender of the message
    • Target MAC & IP address
  • Gratuitous ARPs:
    • Gratuitous ARP occurs when a host sends an ARP reply, without even seeing an ARP request, & with a broadcast destination Ethernet address.
  • DAI defeats ARP attacks by examining the ARP messages & then filtering out the inappropriate ones.
  • DAI considers each switch port to be either untrusted (the default) or trusted.
  • DAI inspects ARP messages on untrusted ports only.
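Added example (not from the original post): a simplified model of the decision DAI makes for one ARP message, using the four addressing fields and the trusted/untrusted port distinction described above. It assumes the switch checks the sender IP/MAC pair against a table of known-good bindings; the binding table, port names and MAC addresses below are constructed for illustration.

```python
# Simplified Dynamic ARP Inspection (DAI) check for a single ARP message.
# Assumption: the switch holds a table of valid IP/MAC bindings per port
# (constructed here; a real switch learns or is configured with them).
from dataclasses import dataclass

# Constructed sample binding table: (ingress port, IP) -> expected MAC
BINDINGS = {
    ("Fa0/1", "10.1.1.10"): "00:11:22:33:44:aa",
    ("Fa0/2", "10.1.1.11"): "00:11:22:33:44:bb",
}
TRUSTED_PORTS = {"Gi0/1"}          # e.g. uplink to the router; all others untrusted
ETH_BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class ArpMessage:
    ingress_port: str
    eth_src: str          # Ethernet header source MAC
    eth_dst: str          # Ethernet header destination MAC
    is_reply: bool        # True = ARP reply, False = ARP request
    sender_mac: str       # the four ARP addressing fields
    sender_ip: str
    target_mac: str
    target_ip: str

def is_gratuitous(msg: ArpMessage) -> bool:
    """ARP reply sent to the broadcast address without a preceding request."""
    return msg.is_reply and msg.eth_dst.lower() == ETH_BROADCAST

def dai_verdict(msg: ArpMessage) -> str:
    """Return 'forward' or 'drop: <reason>' as DAI would decide for this message."""
    # Trusted ports (untrusted is the default) are not inspected at all.
    if msg.ingress_port in TRUSTED_PORTS:
        return "forward"
    # Untrusted port: the ARP sender IP/MAC pair must match a known binding.
    expected_mac = BINDINGS.get((msg.ingress_port, msg.sender_ip))
    if expected_mac is None or expected_mac.lower() != msg.sender_mac.lower():
        kind = "gratuitous ARP" if is_gratuitous(msg) else "ARP"
        return f"drop: {kind} sender IP/MAC not in binding table"
    # Additional consistency check: Ethernet source MAC must equal ARP sender MAC.
    if msg.eth_src.lower() != msg.sender_mac.lower():
        return "drop: Ethernet source MAC differs from ARP sender MAC"
    return "forward"
```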