ANALYSIS OF TYPES OF SPOOFING ATTACKS AND PROTECTION MEANS AT THE ACCESS NETWORK LAYER
DOI:
https://doi.org/10.31891/2307-5732-2026-361-67
Keywords:
spoofing attacks, MAC-address, MAC Spoofing attacks, DHCP Spoofing attacks, ARP Spoofing attacks, IP Spoofing attacks
Abstract
In the article, the authors delve into the critical area of network security, focusing on spoofing attacks that exploit vulnerabilities in computer networks, starting at the access network layer. Spoofing attacks involve impersonating legitimate individuals or devices to gain unauthorized access, intercept data, or disrupt services, creating significant threats to network integrity, confidentiality, and availability. This paper systematically examines four prevalent types of spoofing attacks: MAC spoofing, DHCP spoofing, ARP spoofing, and IP spoofing, detailing their mechanisms, potential impacts, and corresponding defensive strategies. MAC spoofing is one of the main attacks discussed. With this technique, an attacker changes the MAC address of their network interface card (NIC) to mimic the MAC address of an authorized device. Moving to DHCP spoofing, the paper explores how attackers impersonate legitimate Dynamic Host Configuration Protocol (DHCP) servers to distribute malicious IP configurations. In a typical network, DHCP servers automatically assign IP addresses, subnet masks, gateways, and DNS servers to clients. A rogue DHCP server can respond faster to client requests or provide false information, redirecting traffic to attacker-controlled gateways for man-in-the-middle (MITM) interception. ARP spoofing, or Address Resolution Protocol spoofing, is another key focus, where attackers poison the ARP cache of devices to associate their MAC address with the IP address of a legitimate host, such as a gateway. By sending gratuitous ARP replies, attackers can redirect traffic intended for the victim through their machine. Finally, IP spoofing is analyzed as a technique where attackers forge the source IP address in packet headers to disguise their origin. This occurs at the network layer (Layer 3) and is commonly used in DDoS attacks, where spoofed packets amplify traffic to overwhelm targets.
The study evaluates effective countermeasures, including port security, 802.1X authentication protocols, DHCP snooping, dynamic ARP inspection, IP Source Guard on switches, ingress/egress filtering and Unicast Reverse Path Forwarding (uRPF) verification on routers, advocating for a layered defense approach. This comprehensive analysis serves as a valuable resource for network engineers, security professionals, and researchers aiming to fortify access networks against evolving spoofing threats, emphasizing proactive measures to safeguard digital infrastructures in an increasingly hostile cyber landscape.
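How two of the countermeasures named above depend on each other, DHCP snooping building the binding table that dynamic ARP inspection checks against, shown as an added example that is not taken from the article. It is a simplified Python model of an access switch; the class names, port names and addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    port: str

class AccessSwitch:
    """Simplified model (an assumption of this example, not a vendor implementation)."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # uplinks toward the real DHCP server and gateway
        self.bindings = {}                 # ip -> Binding, learned from snooped DHCP ACKs

    def on_dhcp_server_msg(self, port, client_mac, client_ip, client_port):
        # DHCP snooping: server-side messages are accepted only on trusted ports.
        if port not in self.trusted:
            return "drop: DHCP server message on untrusted port"
        self.bindings[client_ip] = Binding(client_mac, client_ip, client_port)
        return "forward"

    def on_arp(self, port, sender_mac, sender_ip):
        # Dynamic ARP inspection: on untrusted ports the ARP sender's
        # MAC, IP and ingress port must match a snooped binding.
        if port in self.trusted:
            return "forward"
        b = self.bindings.get(sender_ip)
        if b is None:
            return "drop: no binding for sender IP"
        if (b.mac, b.port) != (sender_mac, port):
            return "drop: ARP sender does not match binding"
        return "forward"

def demo():
    # Constructed events: Gi0/24 is the trusted uplink, Gi0/1-Gi0/3 are access ports.
    sw = AccessSwitch(trusted_ports={"Gi0/24"})
    return [
        sw.on_dhcp_server_msg("Gi0/24", "aa:aa:aa:aa:aa:10", "192.0.2.10", "Gi0/1"),
        sw.on_dhcp_server_msg("Gi0/3", "aa:aa:aa:aa:aa:11", "192.0.2.66", "Gi0/2"),  # rogue server
        sw.on_arp("Gi0/1", "aa:aa:aa:aa:aa:10", "192.0.2.10"),  # legitimate client
        sw.on_arp("Gi0/3", "cc:cc:cc:cc:cc:03", "192.0.2.1"),   # claims the gateway IP
        sw.on_arp("Gi0/3", "cc:cc:cc:cc:cc:03", "192.0.2.10"),  # claims the client's IP
        sw.on_arp("Gi0/24", "bb:bb:bb:bb:bb:01", "192.0.2.1"),  # gateway via trusted uplink
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Without the snooped binding table the ARP check has nothing to validate against, which is why the two features are deployed together.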
License
Copyright (c) 2026 ЄВГЕН ПЕТКОВ, ЮЛІЯ СТРЕЛКОВСЬКА (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.