If an attacker forges the gateway address by sending ARP packets whose source IP address is the IP address of the gateway on the LAN, hosts on the LAN record the incorrect gateway address in their ARP entries. As a result, all traffic from hosts to the gateway is sent to the attacker, the attacker intercepts user information, and user communication is interrupted.

With ARP gateway anti-collision enabled, the gateway device considers that a gateway collision occurs when a received ARP packet meets either of the following conditions:
- The source IP address in the ARP packet is the same as the IP address of the VLANIF interface matching the inbound interface of the packet.
- The source IP address in the ARP packet is the virtual IP address of the inbound interface but the source MAC address in the ARP packet is not the virtual MAC address of the Virtual Router Redundancy Protocol (VRRP) group.
# Enable the ARP gateway anti-collision function on the gateway device. By default, the ARP gateway anti-collision function is disabled.
<HUAWEI> system-view
[HUAWEI] arp anti-attack gateway-duplicate enable
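The two collision conditions listed above can be expressed as a check over raw ARP frames, for example to triage a packet capture offline. This is an added example, not Huawei's implementation; the function names, addresses, MACs and VRID are constructed for illustration, and the VRRP virtual MAC format 00-00-5E-00-01-{VRID} is the standard IPv4 VRRP one.

```python
import ipaddress
import struct

def vrrp_virtual_mac(vrid: int) -> bytes:
    # IPv4 VRRP virtual MAC is 00-00-5E-00-01-{VRID} (RFC 5798).
    return bytes([0x00, 0x00, 0x5E, 0x00, 0x01, vrid])

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 14:
        return None
    off = 12
    if frame[off:off + 2] == b"\x81\x00":      # skip a single 802.1Q VLAN tag
        off += 4
    if frame[off:off + 2] != b"\x08\x06" or len(frame) < off + 30:
        return None                            # not ARP, or truncated
    arp = frame[off + 2:off + 30]
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return arp[8:14], ipaddress.IPv4Address(arp[14:18])

def gateway_collision(frame, vlanif_ip, vrrp_vip=None, vrid=None) -> int:
    """Return 1 or 2 for the matched condition, 0 if there is no collision.
    vrid must be given whenever vrrp_vip is given."""
    parsed = parse_arp(frame)
    if parsed is None:
        return 0
    sender_mac, sender_ip = parsed
    # Condition 1: source IP equals the IP of the inbound VLANIF interface.
    if sender_ip == ipaddress.IPv4Address(vlanif_ip):
        return 1
    # Condition 2: source IP is the virtual IP but source MAC is not the VRRP virtual MAC.
    if (vrrp_vip is not None and sender_ip == ipaddress.IPv4Address(vrrp_vip)
            and sender_mac != vrrp_virtual_mac(vrid)):
        return 2
    return 0

def build_arp(sender_mac: bytes, sender_ip: str, target_ip: str) -> bytes:
    # Constructed sample input: untagged broadcast ARP request.
    eth = b"\xff" * 6 + sender_mac + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += sender_mac + ipaddress.IPv4Address(sender_ip).packed
    arp += b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed
    return eth + arp

# Constructed values: RFC 5737 documentation addresses, locally administered MAC.
VLANIF_IP, VRRP_VIP, VRID = "192.0.2.2", "192.0.2.1", 10
HOST_MAC = bytes.fromhex("02aabbccdd01")
```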
More Information: S Series Switches Common Operation Guide