ARP protocol attacks and defenses

Camouflage and Skullduggery

© Lead Image © Andre Zhak, 123RF.com

© Lead Image © Andre Zhak, 123RF.com

Article from Issue 181/2015
Author(s): , Author(s):

ARP spoofing can be used to initiate denial-of-service attacks, network hijacking, and man-in-the-middle attacks on the Intranet. We look at how to prevent these incursions.

Companies spend huge amounts of money to protect themselves from attacks on the Internet, but the security of the intranet it is not very advanced in most small to medium-sized enterprises. The credo is often: Internal users will not attack their own. The reality is rather different, which is reason enough to take a look at one of the most common attacks and defense options on internal networks: ARP Spoofing.

On the intranet, unlike the Internet, addressing is not based on Layer 3 (IP), but on Layer 2 (Ethernet). A packet identifies its target by reference to the MAC address. To ensure that resolution between IPv4 addresses and MAC addresses runs smoothly, ARP (Address Resolution Protocol) or its counterpart RARP (reverse ARP) are used.

If computer A wants to communicate with computer B, A sends an ARP request to the broadcast address to discover the MAC address of B. Computer B responds with an ARP reply. In a TCP dump, this kind of conversation looks like Listing 1.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • ARP Spoofing

    Any user on a LAN can sniff and manipulate local traffic. ARP spoofing and poisoning techniques give an attacker an easy way in.

    more »
  • Security Lessons

    Are your systems secure against DNS attacks? We'll show you why they matter and help you determine whether you are vulnerable.

    more »
  • DDoS Defense

    To ward off DDoS attacks, websites and services often seek the protection of Internet giants, such as Amazon, but you have other ways to protect your connectivity.

    more »
  • Kernel Protection

    Security vulnerabilities in the kernel often remain undetected. The kernel hacker initiative, Kernel Self-Protection, promotes safe programming techniques to keep attackers off the network, and, if they do slip through the net, mitigate the consequences.

    more »
  • Hotspotter

    Security experts are always concerned with WLAN access points, but they sometimes forget that the client is also open to attack. Public hotspots make it quite easy for attackers to hijack connections, as the Hotspotter tool demonstrates.

    more »
comments powered by Disqus