Monday, 8 January 2018

ARP SPOOFING ATTACKS



Week Eight ↓
Address Resolution Protocol (ARP) is a layer 2 IPv4 protocol used to resolve a logical (IP) address to a physical (MAC) address. For communication in a Local Area Network (LAN), a physical address is needed, and an ARP request is sent to fetch this address. Since ARP is a stateless protocol, an attacker could broadcast a false ARP message over a LAN and all hosts would accept it, because the legitimacy of an ARP entry cannot be verified by default. By doing this, the attacker can associate his physical address with the logical address of another machine on the same LAN in an ARP spoofing attack. Generally, the attacker makes himself the default gateway, since all traffic destined for other networks must be routed through the gateway (Hacktohell, 2014).
“Cain and Abel” is one of the most commonly used ARP spoofing tools. With Cain and Abel, the attacker scans the network to identify all hosts and can then intercept all traffic meant for the victim. The attacker completes a Man-in-the-Middle (MitM) attack by forwarding the traffic to the actual gateway after modifying the data as intended. Using this approach, credentials/passwords can be compromised and used to create a new session with the victim’s identity.

COUNTERMEASURES

ARP spoofing attacks can be mitigated by using the following methods:
  • Use cryptographic network protocols such as Secure Shell (SSH), Hypertext Transfer Protocol Secure (HTTPS), Transport Layer Security (TLS) and other secure communications protocols as they provide data encryption and authentication.
  • Dynamic ARP Inspection (DAI) is a security feature that intercepts and verifies the authenticity of all ARP entries before forwarding data to the intended destination. A list of physical (MAC) to logical (IP) bindings is maintained in a trusted binding table. ARP entries that are inconsistent with the information in the binding table are then discarded (Jeff, 2016).
  • Avoid configuring trust relationships, as they rely only on the IP address for authentication, which makes ARP spoofing easy.
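
The binding-table check that DAI performs can be modelled in a few lines. The following is an added example, not code from the cited sources or from any switch vendor: the addresses, the `TRUSTED_BINDINGS` table and the function names are constructed for illustration, and dropping senders that have no binding at all is an assumption of this sketch.

```python
import struct

# Trusted IP -> MAC binding table (constructed sample values).
TRUSTED_BINDINGS = {
    "192.168.1.1": "00:11:22:33:44:55",   # default gateway
    "192.168.1.10": "aa:bb:cc:dd:ee:10",  # workstation
}

def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build a 28-byte Ethernet/IPv4 ARP payload for the samples below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(octet) for octet in a.split("."))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                       mac(sender_mac), ip(sender_ip),
                       mac(target_mac), ip(target_ip))

def parse_sender(payload):
    """Return (sender_ip, sender_mac) from an ARP payload, or None if malformed."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    return ".".join(str(b) for b in spa), ":".join(f"{b:02x}" for b in sha)

def inspect(payload, bindings=TRUSTED_BINDINGS):
    """Return ('forward' or 'drop', reason) for one ARP payload."""
    sender = parse_sender(payload)
    if sender is None:
        return "drop", "malformed ARP"
    ip, mac = sender
    trusted = bindings.get(ip)
    if trusted is None:
        return "drop", f"no binding for {ip}"  # assumption: unknown senders are dropped
    if trusted.lower() != mac:
        return "drop", f"{ip} claimed by {mac}, bound to {trusted}"
    return "forward", "binding matches"

# Constructed samples: a genuine gateway reply and one with a mismatched MAC.
GENUINE = build_arp(2, "00:11:22:33:44:55", "192.168.1.1",
                    "aa:bb:cc:dd:ee:10", "192.168.1.10")
FORGED = build_arp(2, "de:ad:be:ef:00:01", "192.168.1.1",
                   "aa:bb:cc:dd:ee:10", "192.168.1.10")

if __name__ == "__main__":
    for name, pkt in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, *inspect(pkt))
```

The drop reason names both the claimed and the bound MAC address, which is the detail worth logging when a gateway binding is contradicted.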

References

Hacktohell. (2014). Hacking a computer in LAN by ARP poisoning | Cain & Abel tutorial. Retrieved from http://www.hacktohell.org/2011/12/hacking-computer-in-lan-by-arp.html
Jeff King. (January, 2016). ARP Poisoning Attack and Mitigation Techniques. Retrieved from https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_603839.html


Video Credit: Yako2K3. Jan 25, 2007
