An attacker wanting to eavesdrop on a network has several methods at their disposal to cause harm, notably “man-in-the-middle” attacks, where an attacking device pretends to be a valid member of the network to intercept traffic.
That method of attack is called “spoofing.” It gives the attacker visibility into the device’s traffic and the option to use more aggressive network-disrupting tactics.
Device spoofing is a significant security threat, and it’s vital that your network have strong defenses. With our MS 10 firmware, Meraki is working to ensure your network remains secure with Dynamic ARP Inspection.
How does spoofing occur?
The attack works by deactivating the regular connection that switches use to pass information to client devices. The attacking device then misdirects traffic through itself by announcing its hardware address to devices that can hear it. The client devices aren’t smart enough to know the difference between the fake and real messages, so they begin forwarding potentially sensitive information to an attacking device.
The attacker can then spy on the traffic before forwarding the message to the correct device without anyone being the wiser.
How to defend against spoofing
Dynamic ARP Inspection (DAI) places safeguards at Layer 2 where bad actors may manipulate these important messages (ARP requests). DAI calls upon the network to verify whether the device handling the ARP requests is real or fake by checking whether that device has been seen before on the network. If the device hasn’t been seen, then messages from the attacking device are ignored.
Configuring DAI with Meraki is easy with MS 10. Note that to avoid disruption to your network, it’s essential to follow the steps in order.
In the Meraki dashboard, first, navigate to Switch > Switch Port and select the port associated with a DHCP Server or Relay. Select “Edit.”
Then navigate to “Trusted” and toggle to “enabled”.
Finally, navigate to Switch > DHCP Servers & ARP > DAI Status and select “Enabled.”
As with all things Meraki, the configuration of Dynamic ARP Inspection can be completed in seconds with our easy-to-use dashboard.
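A simplified model of the check DAI performs, as an added example that is not Meraki's code: ARP payloads arriving on untrusted ports are forwarded only if the sender IP and MAC match a binding the switch already knows, while trusted ports are passed through. The binding table, port names and addresses are constructed, and representing "seen before" as an IP-to-MAC table is an assumption.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Arp:
    op: int          # 1 = request, 2 = reply
    sender_mac: str
    sender_ip: str

def parse_arp(payload: bytes) -> Arp:
    """Parse an Ethernet/IPv4 ARP payload (28 bytes, RFC 826 layout)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    mac = ":".join(f"{b:02x}" for b in payload[8:14])
    ip = ".".join(str(b) for b in payload[14:18])
    return Arp(op, mac, ip)

def inspect(port: str, payload: bytes, bindings: dict, trusted: set) -> str:
    """Return 'forward' or 'drop' for an ARP payload received on `port`."""
    if port in trusted:                 # assumption: trusted ports are not inspected
        return "forward"
    try:
        arp = parse_arp(payload)
    except ValueError:
        return "drop"                   # malformed ARP on an untrusted port
    # The claimed sender must match a binding already known for that IP.
    return "forward" if bindings.get(arp.sender_ip) == arp.sender_mac else "drop"

def build_arp(op, smac, sip, tmac, tip) -> bytes:
    """Build a constructed sample ARP payload for the checks below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(smac) + ip(sip) + mac(tmac) + ip(tip))

# Constructed sample state: bindings the switch has already learned.
BINDINGS = {"10.0.0.1": "00:11:22:33:44:01", "10.0.0.50": "00:11:22:33:44:50"}
TRUSTED = {"port1"}   # hypothetical port facing the DHCP server

if __name__ == "__main__":
    legit = build_arp(2, "00:11:22:33:44:50", "10.0.0.50", "00:11:22:33:44:01", "10.0.0.1")
    # Claims the gateway's IP with a MAC that was never bound to it.
    forged = build_arp(2, "de:ad:be:ef:00:66", "10.0.0.1", "00:11:22:33:44:50", "10.0.0.50")
    print("legit on port7:", inspect("port7", legit, BINDINGS, TRUSTED))
    print("forged on port9:", inspect("port9", forged, BINDINGS, TRUSTED))
```

The same forged payload is forwarded if it arrives on a trusted port, which is why only the port facing the DHCP server or relay should be marked trusted.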