Mitigating an ARP-Spoofing Attack

teancum144
A high number of ARP spoofing attacks would be mitigated by:
A) ACLs
B) Subnetting
C) Flood guards
D) VLANS

The answer is 'C', but I'm wondering if this is an error - shouldn't the answer be 'D'?

For example:
"A typical application for a private VLAN is a hotel or Ethernet to the home network where each room or apartment has a port for Internet access. Similar port isolation is used in Ethernet-based ADSL DSLAMs. Allowing direct data link layer communication between customer nodes would expose the local network to various security attacks, such as ARP spoofing, as well as increasing the potential for damage due to misconfiguration."
Source: Private VLAN - Wikipedia, the free encyclopedia

Here's a similar question that also indicates the answer is Flood guards: http://class10e.com/CompTIA/which-of-the-following-design-elements-would-mitigate-arp-spoofing-attacks/

Comments

  • ptilsen
    Both C and D are incorrect, or are not the best answer.

    C is to mitigate against MAC flooding attacks. ARP spoofing need not be done with MAC flooding, and flood guards are not an effective mitigation for all ARP spoofing attacks.

    D is never a mitigation technique. VLANs allow segmented broadcast domains within physical switches. This can provide a number of great advantages, but not security specifically. The thing to remember is that VLANs in and of themselves are not subnetting. Private VLANs, however, are unique in that they provide per-host subnetting, which is absolutely a security feature and mitigates ARP spoofing, specifically. Private VLANs is a valid answer, but VLANs is not.

    In my opinion B is far and away the best answer. Subnetting limits ARP spoofing to only the nodes on a given subnet. The threat is not eliminated since ARP spoofing can still be carried out against each subnet, but because subnetting limits its impact it is an effective mitigation technique. Private VLANs are an extremely effective mitigation technique because they make ARP spoofing no more effective than a simple wire tap, and when implemented on all ports it could be argued that Private VLANs eliminate the threat. However, Private VLANs is not an answer and "plain" VLANs are not of themselves a mitigation technique, so subnetting would still be the best answer.

    For the question in the link you posted, flood guards is the best answer because they prevent MAC flooding which can be used for spoofing.
    Working B.S., Computer Science
    Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
    In progress: CLEP US GOV,
    Next up: MATH 211, ECON 352, ICS 340
  • SecurityThroughObscurity
    C is correct, partially.
    To perform ARP spoofing you need to flood a target with fake ARP responses.
    Subnetting won't help, you can still spoof a victim inside this subnet.
  • teancum144
    SecurityThroughObscurity wrote:
    "C is correct, partially.
    To perform ARP spoofing you need to flood a target with fake ARP responses.
    Subnetting won't help, you can still spoof a victim inside this subnet."

    Interesting, thank you. After reading your reply, I found this short (2 minute) YouTube video:
    3hacks : ARP Flood (zombie host) - YouTube
    Is this an example of what you are talking about? This attack appears to be using ARP spoofing to flood the victim with ARP replies.

    ptilsen, I found your reply very informative. Do you believe this scenario could be what the question is inferring? The question does say a "high number of ARP spoofing attacks". I realize this is a very specific type of ARP spoofing attack, but I found two different sources with a similarly worded question and both had "Flood Guards" as the answer.
  • ptilsen
    Flooding is one way to implement an ARP spoofing attack, and as such flood guards eliminate some forms of ARP spoofing threats. Subnetting mitigates against all forms of ARP spoofing by limiting their impact. Flood guards is not an incorrect answer, in my opinion, just not the best one.
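
The thread turns on whether a rate-based flood guard covers every form of ARP spoofing. The following is an added example, not written by any poster in this thread: it runs a flood-guard style rate check and an IP-to-MAC binding check over constructed ARP reply records. The 50 replies/second threshold, the trusted binding table and all addresses are assumptions made for the illustration.

```python
from collections import defaultdict, deque

# Assumed trusted IP -> MAC bindings (e.g. built from static entries or DHCP leases).
TRUSTED = {"10.0.0.1": "aa:aa:aa:aa:aa:01", "10.0.0.20": "aa:aa:aa:aa:aa:20"}

# Constructed sample ARP replies: (time_s, switch_port, sender_ip, sender_mac).
EVENTS = [(0.0, 1, "10.0.0.1", "aa:aa:aa:aa:aa:01"),
          (1.0, 2, "10.0.0.20", "aa:aa:aa:aa:aa:20")]
# Port 7: flood variant, 200 forged replies for the gateway IP in about one second.
EVENTS += [(2.0 + i * 0.005, 7, "10.0.0.1", "de:ad:be:ef:00:07") for i in range(200)]
# Port 9: low-rate variant, one forged reply every 10 seconds.
EVENTS += [(10.0 + i * 10, 9, "10.0.0.1", "de:ad:be:ef:00:09") for i in range(5)]
EVENTS.sort()

def rate_guard(events, max_per_sec=50):
    """Flood-guard style check: ports sending more than max_per_sec
    ARP replies inside any sliding one-second window."""
    windows, flagged = defaultdict(deque), set()
    for t, port, _ip, _mac in events:
        w = windows[port]
        w.append(t)
        while w and t - w[0] > 1.0:   # drop replies older than one second
            w.popleft()
        if len(w) > max_per_sec:
            flagged.add(port)
    return flagged

def binding_check(events, trusted):
    """Binding check: ports whose replies claim a known IP with a MAC
    that differs from the trusted binding, regardless of rate."""
    flagged = set()
    for _t, port, ip, mac in events:
        if ip in trusted and trusted[ip] != mac:
            flagged.add(port)
    return flagged

if __name__ == "__main__":
    print("rate guard flags ports:   ", sorted(rate_guard(EVENTS)))
    print("binding check flags ports:", sorted(binding_check(EVENTS, TRUSTED)))
```

The rate check flags only the flooding port, while the binding check flags both forged senders, which is the gap between "flood guards" and a mitigation that covers low-rate spoofing.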