ARP spoofing and poisoning

TRAFFIC TRICKS

Author(s): , Author(s):

Any user on a LAN can sniff and manipulate local traffic. ARP spoofing and poisoning techniques give an attacker an easy way in.

Curiousity, revenge, industrial espionage are all reasons why insiders attack systems on their own network. Statistics show that 70 to 80 percent of all attacks originate on the internal network [1]. Admins have a hard time preventing these internal attacks because protecting the internal network is a lot more difficult than protecting against external attack. One of the most formidable forms of internal attack is known as ARP spoofing. ARP spoofing puts an attacker in a position to sniff and manipulate local traffic. So-called man-in-the-middle attacks are easy to perform, and thanks to sophisticated software, even attackers with little knowledge of networking stand a good chance of succeeding. How ARP Works The ARP protocol was published in November 1982 by David C. Plummer as RFC 826 [2]. As IT security was not an important factor back in 1982, the aim was simply to provide functionality. ARP maps IP addresses to MAC addresses. If client C needs to send a packet to server S, it needs to know the MAC address of S if both machines are on the same subnet. Even if S resides in a different network, C still needs a MAC address – in this case, the address of the next router that will forward the packet. The router takes care of everything else.

Read full article as PDF:

ARP_Spoofing.pdf (255.54 kB)

Related content

  • Hotspotter

    Security experts are always concerned with WLAN access points, but they sometimes forget that the client is also open to attack. Public hotspots make it quite easy for attackers to hijack connections, as the Hotspotter tool demonstrates.

    more »
  • Security Lessons

    Are your systems secure against DNS attacks? We'll show you why they matter and help you determine whether you are vulnerable.

    more »
  • Phishing and Pharming

    The pharmers and phishers are after your precious financial infor-mation. We’ll show you how to protect your interests.

    more »
  • TCP Hijacking

    It is quite easy to take a TCP connection down using a RST attack, and this risk increases with applications that need long-term connections, such as VPNs, DNS zone transfers, and BGP. We’ll describe how a TCP attack can happen, and we’ll show you some simple techniques for protecting your network.

    more »
  • Bridgewall

    Firewalls are typically implemented as routers,but it doesn’t have to be that way. Bridging packet filters have a number of advantages,and you can add them to your network at a later stage without changing the configuration of your network components.

    more »
comments powered by Disqus

Visit Our Shop

Trial Subscription

Digital Subscription

Subscribe

Direct Download

Read full article as PDF:

ARP_Spoofing.pdf (255.54 kB)

Tag Cloud

Administration Community Desktop Events Hardware Kernel Linux Mobile Programming Red Hat Software Ubuntu Web Development Windows free software

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia