
ARP Poisoning

ESE 360
By Raymond Talusan
107731054
Table of Contents
Definition
ARP
Spoofing/Poisoning
MAC Address
Man-in-the-Middle Attack
Examples of Attacks
Process
Interception
Modification
DOS
Ettercap NG
BackTrack (Linux)
Defences
Importance
What is ARP Poisoning
ARP (Address Resolution Protocol) poisoning:
An attack where the attacker (Eve) changes the MAC address recorded for a machine in other machines' ARP tables.
MAC (Media Access Control) address:
Written as 6 groups of two hexadecimal digits separated by colons or hyphens.
MAC addresses are associated with a network adapter and are linked to its hardware, unlike IP addresses.


Address Resolution Protocol
ARP is the protocol that is used to convert an IP address into a physical address.
The ARP packet uses a message format that contains one address resolution request or response.
Application for ARP Poisoning:
We send these packets to the victim's machine, informing it to associate with its own MAC address instead of the router's. This cuts off the communication between the router and the victim's device, because the victim's machine stops requesting from the router.
Tools Required
Back|Track (if BackTrack is used, the components below are not needed)
Ettercap NG
Wireshark
If not using Ettercap, you need scrapy, apache, and python
Supported OS
PuTTY or other SSH client
Ettercap NG
Ettercap NG is a tool that can be used for ARP poisoning or other man-in-the-middle attacks (in a Local Area Network).
The program is available for most Linux distributions, but is supported on Debian, Fedora, Gentoo, Pentoo, FreeBSD, OpenBSD, and NetBSD.
It has also recently gained support for Mac OS X (Snow Leopard & Lion).
It can be run on Windows but will take extra configuration.
It has a graphical mode and a terminal mode.
BackTrack
Back|Track is a Linux distribution that comes preloaded with tools for digital forensics and penetration testing.
This OS is not needed to do ARP poisoning, but it has all the security tools that you need built in, so you don't have to download anything else.
Process
ARP Spoofing
ARP Traffic
ARP Tables
End Spoofing
Executing the Attack
These steps are to set up the man-in-the-middle attack, but no actual damage occurs.
We also check to make sure the attack worked.
Basic Interpretation: Normal Communication
[Figure: network diagram with Computer 1, Computer 2, Switch, Router, Web Server, Network]
Each computer communicates with the Web Server directly.
Man-in-the-Middle Attack
In this attack, the attacker (Eve) gets in between an existing connection between machines to intercept, modify, or inject false data. This allows us to eavesdrop on a connection.
[Figure: two panels showing Alice, Bob and Eve; labels: Data, Original Data, Modified Data]
Basic Interpretation: Man-in-the-Middle Attack
[Figure: network diagram with Victim (Alice), Ettercap User (Eve), Switch, Router, Web Server, Network]
Basically, the attacker puts its machine in a logical position between the victim's machine and the actual target it communicates with.
ARP Spoofing
Make sure you are connected to the LAN that your victim resides in.
Launch Ettercap.
Enter sniffing mode and scan for hosts.
Open up the host list and then select which device/computer we want to poison.

Sniffing
Sniffing means eavesdropping on communication between devices across, or in this case within, a network. This mode allows us to access network traffic
router
ARP Poisoning
Now, if we press ARP Poisoning and then Start sniffing, the program will modify the ARP tables for us.
The program will change the targeted machine's address in the table to the attacker's MAC address, so that data sent from the victim's computer goes to the attacker's computer instead of the associated router or other computer.
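From the defender's side, the table change described above is what to look for. The following is an added example, not part of the original slides: it compares two snapshots of an ARP table and reports an IP address whose MAC changed, or one MAC answering for several IP addresses. The sample tables, the addresses, and the names parse_table and find_poisoning are constructed for illustration.

```python
import re

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\b")

# Constructed sample data: two snapshots of one host's ARP table (made-up
# addresses). 192.168.1.1 is assumed to be the router.
BEFORE = """\
192.168.1.1   00:11:22:33:44:55
192.168.1.20  aa:bb:cc:00:00:20
192.168.1.66  de:ad:be:ef:00:66
"""
AFTER = """\
192.168.1.1   DE-AD-BE-EF-00-66
192.168.1.20  aa:bb:cc:00:00:20
192.168.1.30  (incomplete)
192.168.1.66  de:ad:be:ef:00:66
"""


def parse_table(text):
    """Return {ip: mac}; MACs are normalised to lower case with colons."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:  # unresolved entries carry no MAC and are skipped
            table[ip.group(1)] = mac.group(1).lower().replace("-", ":")
    return table


def find_poisoning(before, after, gateway_ip):
    """Compare two snapshots and describe signs of a poisoned table."""
    findings = []
    for ip, mac in sorted(after.items()):
        old = before.get(ip)
        if old and old != mac:  # an existing IP now resolves to a new MAC
            kind = "gateway" if ip == gateway_ip else "host"
            findings.append(f"{kind} {ip} changed from {old} to {mac}")
    owners = {}
    for ip, mac in after.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:  # one adapter answering for several IP addresses
            findings.append(f"{mac} claimed by {', '.join(sorted(ips))}")
    return findings


if __name__ == "__main__":
    for finding in find_poisoning(parse_table(BEFORE), parse_table(AFTER), "192.168.1.1"):
        print("ALERT:", finding)
```

A changed MAC or a shared MAC can also have a harmless cause, such as a replaced network adapter or a device that holds several IP addresses, so each finding should be checked against the known hardware on the LAN.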
Attacks
At this point, the victim's computer is now open to your attacks.
DNS Spoofing
SSH Downgrade Attack
DOS Attack
DNS Spoofing
DNS spoofing is an attack which causes the name server to return an incorrect IP address.
For example, let's say the victim is a Stony Brook University student who accesses Blackboard on a daily basis. After launching this attack, we can make it so that when the user goes to:
https://blackboard.stonybrook.edu/webapps/login/
it redirects to either another page or a script that you write. People use this attack for phishing purposes.
SSH Downgrade
http://www.openmaniak.com/ettercap_filter.php#ssh-downgrade-attack
DOS Attack
http://www.securityexplained.net/topics/arppoison/dos/index2.html
