LAN Security
These days, it is no longer sufficient to just protect your LAN from external attack with a firewall. Increased mobility and the wide availability of various hacking tools mean that attacks can occur from within the LAN itself - rogue workstations in your LAN can launch a variety of debilitating internal Denial of Service (DoS) attacks. Even more damaging are deceptively simple information-stealing attacks, of which Address Resolution Protocol (ARP) spoofing attacks are the most notorious.

You can configure Allied Telesis switches to protect your LAN against internal attack. With our products, you can secure your network, preserving the safety of both your mission-critical applications and your productivity.



Address Resolution Protocol (ARP) spoofing attacks are information-stealing attacks. Allied Telesis switches use DHCP Snooping with ARP Security to protect your network from ARP spoofing attacks. All ARP replies from untrusted ports are checked to ensure they contain legitimate IP information, safeguarding your network and your business.
 
VLANs aim to provide a degree of network security via user segmentation. To eliminate basic VLAN hopping attacks, Allied Telesis switches use Ingress Filtering to drop all tagged packets, since workstations attached to edge ports should not send tagged packets into your network.
 
VLANs aim to provide a degree of network security via user segmentation. To eliminate double-tag VLAN hopping attacks, Allied Telesis switches employ the same solution as for basic VLAN hopping attacks – Ingress Filtering drops all tagged packets, since workstations attached to edge ports should not send tagged packets into your network.
 
Allied Telesis switches avoid DHCP Rogue Server attacks by using DHCP Snooping, and by identifying edge ports that are designated as “untrusted” ports. The switch no longer sends DHCP discover messages to untrusted ports, so malicious users cannot see these messages and attempt to intervene.
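The following is an added example, not Allied Telesis code: a small Python model of how a DHCP snooping binding table can back the ARP Security check and the trusted/untrusted port split described above. The port names, the binding fields (MAC, port, VLAN) and the drop rules are assumptions made for illustration, and all addresses are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    port: str
    vlan: int

class SnoopingSwitch:
    """Toy model of DHCP Snooping with ARP Security; rules are assumptions."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = {}  # leased client IP -> Binding

    def on_dhcp_ack(self, ingress, client_ip, client_mac, client_port, vlan):
        # Leases are learned only from ACKs that arrive on a trusted port,
        # so a server attached to an edge port can never create a binding.
        if ingress not in self.trusted:
            return "drop"
        self.bindings[client_ip] = Binding(client_mac.lower(), client_port, vlan)
        return "forward"

    def on_arp_reply(self, ingress, vlan, sender_ip, sender_mac):
        if ingress in self.trusted:
            return "forward"  # trusted ports are not checked
        claimed = Binding(sender_mac.lower(), ingress, vlan)
        # Unknown IP or any mismatch in MAC, port or VLAN is treated as spoofed.
        return "forward" if self.bindings.get(sender_ip) == claimed else "drop"

def run_constructed_traffic():
    """Replay constructed events (documentation addresses) and return verdicts."""
    sw = SnoopingSwitch(trusted_ports={"uplink"})
    return [
        # Legitimate lease seen on the uplink for the client on edge1.
        sw.on_dhcp_ack("uplink", "192.0.2.10", "00:00:5E:00:53:0A", "edge1", 10),
        # ACK arriving from an edge port: rogue server, no binding learned.
        sw.on_dhcp_ack("edge2", "192.0.2.66", "00:00:5e:00:53:66", "edge2", 10),
        # Client answers ARP with its leased IP and own MAC.
        sw.on_arp_reply("edge1", 10, "192.0.2.10", "00:00:5e:00:53:0a"),
        # edge2 claims the gateway IP, which has no lease binding.
        sw.on_arp_reply("edge2", 10, "192.0.2.1", "00:00:5e:00:53:66"),
        # edge2 claims the client's IP with a different MAC and port.
        sw.on_arp_reply("edge2", 10, "192.0.2.10", "00:00:5e:00:53:66"),
        # Right IP and MAC, wrong VLAN.
        sw.on_arp_reply("edge1", 20, "192.0.2.10", "00:00:5e:00:53:0a"),
    ]

if __name__ == "__main__":
    print(run_constructed_traffic())
```

In this model a statically addressed host on an untrusted port would also be dropped, because it never obtains a lease and so has no binding.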
 
When a malicious user inundates the DHCP server with countless DHCP requests from different MAC addresses, the server runs out of IP addresses. Allied Telesis switches use port security to stop malicious users sending multiple MAC addresses to the DHCP server.
 
There are many different types of denial of service attacks that can threaten your network. Some attacks exploit invalid packet formats, causing the target device to ‘hang’, for example Tear Drop, IP Options and Ping of Death attacks. Other attacks initiate a packet storm targeted at a specific ‘victim’, for example Smurf attacks. Still others initiate numerous TCP connections with a victim that are never fully opened but consume resource, for example SYN flood attacks.

Allied Telesis switches are capable of mitigating all of the above attacks using DoS defence, which for the majority of these attacks is implemented in the switch’s silicon, so does not waste your valuable CPU resource.

 
Allied Telesis switches use port security to prevent the malicious filling of the switch's MAC table. You can configure the edge ports with a MAC learn limit which, once reached, allows no further MAC traffic. You can also configure traps to notify management of the excessive MAC activity on the port, and/or disable the port.
 
The purpose of Spanning Tree Protocol (STP) is to allow path redundancy while preventing network loops, by designating ports as being either in a forwarding state or a blocked state. If a path becomes unavailable, the network responds by unblocking a previously blocked path to allow traffic to flow. In a spanning tree attack, a malicious user sends an STP message which attempts to compromise the network topology.

Allied Telesis switches prevent spanning tree attacks by using BPDU guard on all edge ports.