ARP spoofing and poisoning

TRAFFIC TRICKS

Author(s): , Author(s):

Any user on a LAN can sniff and manipulate local traffic. ARP spoofing and poisoning techniques give an attacker an easy way in.

Curiousity, revenge, industrial espionage are all reasons why insiders attack systems on their own network. Statistics show that 70 to 80 percent of all attacks originate on the internal network [1]. Admins have a hard time preventing these internal attacks because protecting the internal network is a lot more difficult than protecting against external attack. One of the most formidable forms of internal attack is known as ARP spoofing. ARP spoofing puts an attacker in a position to sniff and manipulate local traffic. So-called man-in-the-middle attacks are easy to perform, and thanks to sophisticated software, even attackers with little knowledge of networking stand a good chance of succeeding. How ARP Works The ARP protocol was published in November 1982 by David C. Plummer as RFC 826 [2]. As IT security was not an important factor back in 1982, the aim was simply to provide functionality. ARP maps IP addresses to MAC addresses. If client C needs to send a packet to server S, it needs to know the MAC address of S if both machines are on the same subnet. Even if S resides in a different network, C still needs a MAC address – in this case, the address of the next router that will forward the packet. The router takes care of everything else.

Read full article as PDF:

ARP_Spoofing.pdf (255.54 kB)

Related content

  • Phishing and Pharming

    The pharmers and phishers are after your precious financial infor-mation. We’ll show you how to protect your interests.

  • TCP Hijacking

    It is quite easy to take a TCP connection down using a RST attack, and this risk increases with applications that need long-term connections, such as VPNs, DNS zone transfers, and BGP. We’ll describe how a TCP attack can happen, and we’ll show you some simple techniques for protecting your network.

  • Hotspotter

    Security experts are always concerned with WLAN access points, but they sometimes forget that the client is also open to attack. Public hotspots make it quite easy for attackers to hijack connections, as the Hotspotter tool demonstrates.

  • Netfilter's Recent Module

    Netfilter’s Recent module builds a temporary blacklist to keep intruders off your network.

  • Security Lessons

    Are your systems secure against DNS attacks? We'll show you why they matter and help you determine whether you are vulnerable.

comments powered by Disqus

Direct Download

Read full article as PDF:

ARP_Spoofing.pdf (255.54 kB)

News