ARP protocol attacks and defenses

Camouflage and Skullduggery

© Lead Image © Andre Zhak, 123RF.com

© Lead Image © Andre Zhak, 123RF.com

Article from Issue 181/2015
Author(s): , Author(s):

ARP spoofing can be used to initiate denial-of-service attacks, network hijacking, and man-in-the-middle attacks on the Intranet. We look at how to prevent these incursions.

Companies spend huge amounts of money to protect themselves from attacks on the Internet, but the security of the intranet it is not very advanced in most small to medium-sized enterprises. The credo is often: Internal users will not attack their own. The reality is rather different, which is reason enough to take a look at one of the most common attacks and defense options on internal networks: ARP Spoofing.

On the intranet, unlike the Internet, addressing is not based on Layer 3 (IP), but on Layer 2 (Ethernet). A packet identifies its target by reference to the MAC address. To ensure that resolution between IPv4 addresses and MAC addresses runs smoothly, ARP (Address Resolution Protocol) or its counterpart RARP (reverse ARP) are used.

If computer A wants to communicate with computer B, A sends an ARP request to the broadcast address to discover the MAC address of B. Computer B responds with an ARP reply. In a TCP dump, this kind of conversation looks like Listing 1.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Core Technologies

    Learn what's going on in your network, using Linux and its arsenal of packet capture tools.

  • Hping

    Don't let intruders crash your dance. We'll show you how to test your firewalls and intrusion detection systems with hping.

  • ARP Spoofing

    Any user on a LAN can sniff and manipulate local traffic. ARP spoofing and poisoning techniques give an attacker an easy way in.

  • Command Line: Network Diagnostic Tools

    Linux has the right tools to track down network errors and open the way for data packets.

  • Bridgewall

    Firewalls are typically implemented as routers,but it doesn’t have to be that way. Bridging packet filters have a number of advantages,and you can add them to your network at a later stage without changing the configuration of your network components.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News