ARP attacks - ARP Cache Poisoning ARP Cache Poisoning based Attacks based Attacks Z o u h e i r T r a b e l s i We are watching hackers Zouheir

Info iconThis preview shows pages 1–12. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ARP Cache Poisoning ARP Cache Poisoning based Attacks based Attacks Z o u h e i r T r a b e l s i We are watching hackers Zouheir Trabelsi 2 P l a n How ARP caches are updated? ARP Cache Poisoning Attack Rerouting Communications DoS attack MiM attack Gratuitous ARP: Duplicate IP address attack Cloning attack (MAC spoofing attack) Tools Attack scenarios Defending against ARP attacks Zouheir Trabelsi 3 The update of ARP caches can be done by ARP Replies or ARP Requests How ARP caches are updated? Zouheir Trabelsi 4 ARP Cache Update using ARP Replies Host A Host C Host B Host D IP destination Source IP = IP_B Destination MAC = MAC_A Source MAC = MAC_B Operation = 2 (reply) Destination IP = IP_A Source MAC = MAC_B Destination MAC = MAC_A Type = ARP (2054) Host B sends an ARP reply to host A Host A will update its ARP cache with the entry IP_B / MAC_B Zouheir Trabelsi 5 ARP Cache Update using ARP Requests Host A Host C Host B Host D IP destination Source IP = IP_A Destination MAC = 00:00:00:00:00:00 Source MAC = MAC_A Operation = 1 (Request) Destination IP = IP_B Source MAC = MAC_A Destination MAC = FF:FF:FF:FF:FF:FF Type = ARP (2054) Host A sends an ARP request to all hosts All hosts (B, C, and D) will update their ARP caches with the entry IP_A / MAC_A Zouheir Trabelsi 6 ARP Cache Poisoning Attack Zouheir Trabelsi 7 ARP Cache Poisoning Attack: Is the process of corrupting an ARP cache with fake IP/MAC entries ARP Cache Poisoning Attack is used to perform other attacks: • Man-in-the-Middle (MiM) attack • Denial of Service (DoS) attack Zouheir Trabelsi 8 Host A Host C Host B Host D IP destination Source IP = Gateway_IP Destination MAC = Any Address Source MAC = FAKE MAC Operation = 2 (Reply) Destination IP = Any Address Source MAC = Any Address Destination MAC = MAC_A Type = ARP (0x0806) ARP reply packets can be used to corrupt the ARP caches of victim hosts ARP Cache Poisoning Attack using ARP Replies C A IP MAC Gateway_IP Fake MAC ARP cache of Host A Zouheir Trabelsi 9 ARP Cache Poisoning Attack using ARP Requests Host A Host C Host B Host D IP destination Source IP = IP_A Destination MAC = 00:00:00:00:00:00 Source MAC = MAC_C Operation = 1 (Request) Destination IP = Any thing Source MAC = Any MAC Destination MAC = Broadcast or MAC_B Type = ARP (0x0806) Host C sends a FAKE ARP request to all hosts or only to host B All hosts or host B will update their/its ARP cache(s) with the FAKE entry IP_A / MAC_C Zouheir Trabelsi 10 Host A Host C Host B Host D IP MAC IP_A MAC_C ARP cache of hosts B Host C sends a FAKE ARP request to host B Host B will update its ARP cache with the FAKE entry IP_A / MAC_C Result: All the packets sent by host B to host A will go to host C ARP Cache Poisoning Attack using ARP Requests Zouheir Trabelsi 11 ARP Cache Poisoning Attack using ARP Requests Host A Host C Host B Host D IP destination Source IP = Gateway_IP Destination MAC = 00:00:00:00:00:00 Source MAC = Fake MAC Operation = 1 (Request)...
View Full Document

This note was uploaded on 03/26/2010 for the course SECB 455 taught by Professor Zuhairtrabelsi during the Spring '10 term at United Arab Emirates University.

Page1 / 62

ARP attacks - ARP Cache Poisoning ARP Cache Poisoning based Attacks based Attacks Z o u h e i r T r a b e l s i We are watching hackers Zouheir

This preview shows document pages 1 - 12. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online