ARP Poisoning
ARP Poisoning
Niranjana.S.KarandikarMsc-2Sem-IVPSDF401: Vulnerability
Assessment and Penetration Testing Part II
ContentsARP- IntroductionARP- The ProtocolGullible ARPARP cache
PoisoningDOSMITMMAC FloodingMitigations
IntroductionNICMACIPARP table
ARP- The ProtocolARP Request"Who has this IP address (a.b.c.d)
?"ARP Reply"I have that IP. My MAC address is [a.b.c.d]."RARP
Request"Who has this MAC address?"RARP Reply"I have that MAC. My IP
address is [a.b.c.d]"
Gullible ARPSimplicity for efficiency= Major InsecurityNo
AuthenticationStateless Connection
ARP Cache PoisoningA BC says I am BA CA has no means of
verifying who really is B or CA is very gullible
No way to authenticate the IP to MAC address mapping in the ARP
reply. The host does not check whether it sent an ARP request for
which it is receiving ARP reply message.Thus opening doors to the
following Attacks
DOSWrong or fictitious IP mapped in ARP tableEg: Routers
IPfictitious MACAll packets for the router wrong MACNetwork
down
MITMA-C-BC will send a reply to B with As IP and Cs MACC will
send reply to A with Bs IP and Cs MACSwitch On Port
ForwardingACBACB
MAC FloodingTarget:- Network SwitchVulnerability:- Acts like hub
when overloaded and start broadcasting all the network traffic to
all the hosts connected to networkAttack:- send many fake ARP
repiles to overload the switch.
MitigationsSmall NetworksLarge NetworksAll Networks
Small NetworksStatic IPStatic ARPIfconfig/all view IP and MAC of
devices in networkArp s add static entrieslogin script that would
add these static entries to your PCs as they boothard to
maintainimpossible in large networks
Large NetworksPort Security FeaturesOne MAC per physical port of
switch
All NetworksUse of automated monitoring tools such as ARP
WATCH,ARP monitor,ARPing,ARPscan,Antidote,ARPoison
Referenceshttp://www.watchguard.com/glossary/a.asp#ARPhttp://www.veracode.com/security/arp-spoofinghttp://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part1.htmlhttp://www.watchguard.com/infocenter/editorial/135250.asp
Thank You
The cruelest lies are often told in silence
