Upload
niranjana-karandikar
View
213
Download
1
Embed Size (px)
DESCRIPTION
ARP poisoning techniques and mitigations
Citation preview
ARP Poisoning
ARP Poisoning
Niranjana.S.KarandikarMsc-2Sem-IVPSDF401: Vulnerability Assessment and Penetration Testing Part II
ContentsARP- IntroductionARP- The ProtocolGullible ARPARP cache PoisoningDOSMITMMAC FloodingMitigations
IntroductionNICMACIPARP table
ARP- The ProtocolARP Request"Who has this IP address (a.b.c.d) ?"ARP Reply"I have that IP. My MAC address is [a.b.c.d]."RARP Request"Who has this MAC address?"RARP Reply"I have that MAC. My IP address is [a.b.c.d]"
Gullible ARPSimplicity for efficiency= Major InsecurityNo AuthenticationStateless Connection
ARP Cache PoisoningA BC says I am BA CA has no means of verifying who really is B or CA is very gullible
No way to authenticate the IP to MAC address mapping in the ARP reply. The host does not check whether it sent an ARP request for which it is receiving ARP reply message.Thus opening doors to the following Attacks
DOSWrong or fictitious IP mapped in ARP tableEg: Routers IPfictitious MACAll packets for the router wrong MACNetwork down
MITMA-C-BC will send a reply to B with As IP and Cs MACC will send reply to A with Bs IP and Cs MACSwitch On Port ForwardingACBACB
MAC FloodingTarget:- Network SwitchVulnerability:- Acts like hub when overloaded and start broadcasting all the network traffic to all the hosts connected to networkAttack:- send many fake ARP repiles to overload the switch.
MitigationsSmall NetworksLarge NetworksAll Networks
Small NetworksStatic IPStatic ARPIfconfig/all view IP and MAC of devices in networkArp s add static entrieslogin script that would add these static entries to your PCs as they boothard to maintainimpossible in large networks
Large NetworksPort Security FeaturesOne MAC per physical port of switch
All NetworksUse of automated monitoring tools such as ARP WATCH,ARP monitor,ARPing,ARPscan,Antidote,ARPoison
Referenceshttp://www.watchguard.com/glossary/a.asp#ARPhttp://www.veracode.com/security/arp-spoofinghttp://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part1.htmlhttp://www.watchguard.com/infocenter/editorial/135250.asp
Thank You
The cruelest lies are often told in silence