Link layer security

[1] The data link layer and its associated protocols govern the physical interface between the host computer and the network hardware.

These tables allow the switch to securely deliver the packet to its intended physical address only.

An adversary is then able to intercept and monitor all network traffic traversing the switch, including passwords, emails, instant messages, etc.

In order to ensure reliable data communications all switches in the network must maintain up-to-date tables for mapping logical (IP) to physical (MAC) addresses.
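The table-overflow behaviour described above (a switch that cannot learn new addresses falls back to flooding, which is what lets an attacker on another port see traffic) is easiest to see in a model. The following Python is an added example written for this page, not code from the original article; the `Switch` class, its port numbers, table size and the MAC addresses are all constructed. The per-port learning limit stands in for the "port security" style mitigation and is likewise an assumption of the model, not a description of any particular vendor's feature.

```python
from collections import OrderedDict


class Switch:
    """Toy model of a learning switch's MAC (CAM) table (constructed example).

    The table maps a source MAC address to the port it was learned on.
    When the table is full the switch cannot learn new addresses, so frames
    to those hosts are treated as unknown and flooded out of every port.
    An optional per-port learning limit keeps one port from filling the table.
    """

    def __init__(self, ports, table_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.table_size = table_size
        self.max_macs_per_port = max_macs_per_port
        self.table = OrderedDict()   # mac -> port
        self.violations = []         # (port, mac) pairs refused by the per-port limit

    def _macs_on_port(self, port):
        return sum(1 for p in self.table.values() if p == port)

    def learn(self, src_mac, in_port):
        """Record src_mac on in_port; return False if it could not be learned."""
        if src_mac in self.table:
            self.table[src_mac] = in_port
            return True
        if (self.max_macs_per_port is not None
                and self._macs_on_port(in_port) >= self.max_macs_per_port):
            self.violations.append((in_port, src_mac))
            return False
        if len(self.table) >= self.table_size:
            return False             # table full: the address stays unknown
        self.table[src_mac] = in_port
        return True

    def forward(self, src_mac, dst_mac, in_port):
        """Return the set of ports a frame is sent out of."""
        self.learn(src_mac, in_port)
        out = self.table.get(dst_mac)
        if out is None:
            # unknown destination: flood to every port except the ingress port
            return {p for p in self.ports if p != in_port}
        if out == in_port:
            return set()             # destination is behind the ingress port: filtered
        return {out}


def attacker_sees_unicast(limit=None):
    """Simulate a MAC flood from port 3, then check whether a later unicast
    frame from the server (port 1) to the client (port 2) is also sent to port 3.
    Addresses below are constructed for the example."""
    sw = Switch(ports=[1, 2, 3], table_size=8, max_macs_per_port=limit)
    # Attacker sends frames from many fabricated source MACs before the
    # legitimate hosts talk (or after their entries have aged out).
    for i in range(50):
        sw.forward(f"de:ad:be:ef:00:{i:02x}", "ff:ff:ff:ff:ff:ff", 3)
    server, client = "00:00:00:00:00:01", "00:00:00:00:00:02"
    sw.forward(client, server, 2)    # client's address can only be learned if there is room
    outs = sw.forward(server, client, 1)
    return 3 in outs


if __name__ == "__main__":
    print("no per-port limit, attacker sees unicast:", attacker_sees_unicast())
    print("limit of 2 MACs per port, attacker sees unicast:", attacker_sees_unicast(limit=2))
```

With no per-port limit the attacker's eight fabricated addresses fill the table, the client's address cannot be learned, and the server's frame is flooded to port 3; with a limit of two addresses per port the remaining 48 learning attempts are recorded as violations and the frame goes to port 2 only.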

This capability may also be implemented in individual hosts or may be integrated into Ethernet switches or other network equipment.

At this point, any hosts wishing to join the network will be denied access, resulting in a denial of service.

[8] One method for mitigating this type of attack is to use the IP source guard feature available on many Ethernet switches.
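IP source guard works by holding, per switch port, the address bindings that port is allowed to use (learned from DHCP snooping or configured statically) and dropping packets whose source addresses do not match. The Python below is an added example for this page, not the article's or any vendor's code; the `Binding`/`Packet` classes, the port numbers and the addresses are constructed, and the `check_mac` flag is an assumption of the model (some implementations check only the source IP).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    """A port/MAC/IP binding, as a DHCP snooping table would record it (constructed)."""
    port: int
    mac: str
    ip: str


@dataclass(frozen=True)
class Packet:
    """The fields of an incoming packet the filter looks at (constructed)."""
    in_port: int
    src_mac: str
    src_ip: str


class IPSourceGuard:
    """Per-port source address filter modelled on the IP source guard idea."""

    def __init__(self, bindings, check_mac=True):
        self.allowed = {}            # port -> {(mac, ip), ...}
        for b in bindings:
            self.allowed.setdefault(b.port, set()).add((b.mac.lower(), b.ip))
        self.check_mac = check_mac
        self.dropped = []

    def permits(self, pkt):
        """True if the packet's source addresses match a binding on its ingress port."""
        for mac, ip in self.allowed.get(pkt.in_port, ()):
            if ip == pkt.src_ip and (not self.check_mac or mac == pkt.src_mac.lower()):
                return True
        self.dropped.append(pkt)     # no binding for this port: drop and record
        return False

    def filter(self, packets):
        return [p for p in packets if self.permits(p)]


# Constructed bindings: one host per access port.
BINDINGS = [
    Binding(port=1, mac="00:00:00:00:00:01", ip="10.0.0.11"),
    Binding(port=2, mac="00:00:00:00:00:02", ip="10.0.0.12"),
]

# Constructed traffic: one legitimate packet, then three kinds of spoofing.
SAMPLE = [
    Packet(in_port=1, src_mac="00:00:00:00:00:01", src_ip="10.0.0.11"),  # matches binding
    Packet(in_port=1, src_mac="00:00:00:00:00:01", src_ip="10.0.0.12"),  # IP of port 2's host
    Packet(in_port=1, src_mac="00:00:00:00:00:02", src_ip="10.0.0.11"),  # forged MAC
    Packet(in_port=3, src_mac="00:00:00:00:00:03", src_ip="10.0.0.13"),  # port has no binding
]


def run_sample(check_mac=True):
    """Return (number forwarded, number dropped) for SAMPLE."""
    guard = IPSourceGuard(BINDINGS, check_mac=check_mac)
    kept = guard.filter(SAMPLE)
    return len(kept), len(guard.dropped)


if __name__ == "__main__":
    print("IP+MAC check:", run_sample())
    print("IP-only check:", run_sample(check_mac=False))
```

The IP-only mode lets the forged-MAC packet through because its source IP is the one bound to port 1, which is why checking both addresses against the binding is the stricter configuration.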

If it is not receiving any other traffic, the access point will broadcast a Clear to Send (CTS) signal over the network.

Any spikes in CTS/RTS signals are assumed to be the result of a hidden node attack and are subsequently blocked.

When the client leaves, it sends a deauthentication, or deauth, message to disassociate itself from the access point.

An attacker can send deauth messages to an access point tied to client IP addresses, thereby knocking the users off-line and forcing them to repeatedly re-authenticate, which gives the attacker valuable insight into the reauthentication handshaking that occurs.
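Both the CTS/RTS spike above and the deauth flood in this paragraph are detected the same way on the defender's side: count control and management frames per access point over a short window and alert when the rate is far above the background. The Python below is an added example for this page, not code from the original article or from any wireless IDS; the frame records, the BSSID, the window length and the threshold are all constructed, and in practice the records would come from a monitor-mode capture.

```python
from collections import defaultdict, deque

# Frame subtypes whose bursts are worth alerting on (constructed list).
WATCHED = {"deauth", "disassoc", "rts", "cts"}


def detect_bursts(frames, window_s=1.0, threshold=10):
    """Return one alert per (bssid, subtype) whose count within any
    window_s-second sliding window exceeds threshold.

    frames: iterable of dicts with keys ts (seconds), subtype, bssid.
    """
    frames = sorted(frames, key=lambda f: f["ts"])
    windows = defaultdict(deque)     # (bssid, subtype) -> timestamps in window
    alerts, alerted = [], set()
    for f in frames:
        if f["subtype"] not in WATCHED:
            continue
        key = (f["bssid"], f["subtype"])
        q = windows[key]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window_s:
            q.popleft()              # slide the window forward
        if len(q) > threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"bssid": key[0], "subtype": key[1],
                           "count": len(q), "at": f["ts"]})
    return alerts


def make_sample():
    """Constructed capture: normal roaming traffic plus two bursts."""
    bss = "aa:bb:cc:dd:ee:ff"        # constructed BSSID
    frames = []
    for i in range(10):              # background: one deauth every 30 s as clients leave
        frames.append({"ts": 30.0 * i, "subtype": "deauth", "bssid": bss})
    frames.append({"ts": 150.0, "subtype": "beacon", "bssid": bss})
    for i in range(40):              # 40 deauths in half a second: a deauth flood
        frames.append({"ts": 100.0 + i * 0.0125, "subtype": "deauth", "bssid": bss})
    for i in range(25):              # 25 CTS frames in a quarter second: hidden-node pattern
        frames.append({"ts": 200.0 + i * 0.01, "subtype": "cts", "bssid": bss})
    return frames


def run_sample():
    return detect_bursts(make_sample())


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a['at']:8.3f}s  {a['bssid']}  {a['subtype']} burst, {a['count']} in window")
```

The background deauths (one every 30 s) never accumulate more than one frame per window, so only the two bursts raise alerts, and each alert fires on the first frame that pushes the window count past the threshold. Tuning `window_s` and `threshold` to the observed baseline is what keeps a busy but legitimate access point from tripping the detector.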