Fundamentals of Computer Security

deanna-vega

Presentation Transcript


  1. Fundamentals of Computer Security. Network Hack: ARP Poisoning. CSCI 379 Fundamentals of Computer Security

  2. Network Technology: Hub
     A hub establishes connections from one-to-many ports.
     [Diagram labels: ports, Network Interface Card (NIC), Host Computer, Hub]

  3. Network Technology: Switch
     A switch is able to establish port-to-port connections.
     [Diagram labels: ports, Network Interface Card (NIC), Host Computer, Switch]

  4. Addressing
     NIC MAC Address: a unique, six-byte hex number assigned by the manufacturer. Each networked device has its own MAC address. Example: 00:4E:3F:12:2A:00
     MAC Address (six-byte):
       • Fixed.
       • Used internally in the local network; not routable.
       • Recognized only by lower level protocols.
     IP Address (four-byte):
       • Assignable by the administrator.
       • Used in the global Internet; routable.
       • Recognized by Internet protocols.
     MAC Address to IP Address: mapping?
     [Diagram labels: NIC, Host Computer]

  5. The Address Resolution Protocol (ARP)
     This protocol constructs on-the-fly a mapping between the MAC addresses and the IP addresses in a local network.
     Basic Elements:
       • ARP Cache (or table)
       • ARP Request messages
       • ARP Reply messages
     Example:
       Host A (broadcast): who has IP address x?
       Host B: <silence>
       Host C: <silence>
       Host D (point to point): hey, that’s me and my MAC address is y, btw.
       Host A: (adds the pair {IP(x),MAC(y)} to its ARP cache)
     Subsequently, host A’s messages to IP(x) on the network are addressed to MAC(y).

  6. Vulnerability
     ARP Request messages are sent to the broadcast MAC address FF:FF:FF:FF:FF:FF.
     ARP Reply messages are sent back to the MAC address of the requester.
     There is no guarantee that whoever replies to an ARP Request is really who it says it is. There is no authentication.

  7. Threats

  8. Denial of Service
     By faking ARP Replies, one can associate an important IP address with a false MAC address, for instance, a MAC address that does not exist.
     If that important IP address happens to correspond to the router, the network can be effectively disconnected: it can’t see the outside world and the outside world can’t see the local network.

  9. Man-in-the-Middle (MITM)
     Example:
       Host A: who has IP address 192.168.0.1 (router)?
       Host B: <silence>
       Host C: <silence>
       Host D: hey, that’s me and my MAC address is y, btw.
       Host A: (adds the pair {IP(192.168.0.1),MAC(y)} to its ARP cache)
     Host D becomes “the router”: all traffic goes through D now, but D should be smart enough to allow outside traffic to go outside.
     What kind of bad things can D do? Sneak-and-peek, filter traffic, respond to requests sent to outside servers, etc.
     [Diagram labels: Router, to the Internet]

  10. MAC Flooding
     This is an ARP Cache Poisoning technique that aims at overloading the switch.
     When certain switches are overloaded, they drop into “hub mode”: all network traffic gets broadcast to all the computers on the network. When this happens, sniffing packets becomes possible.
     The trick is to spoof many, many ARP replies hoping to overload the switch’s ARP table.
     How can one carry out this kind of attack?
     [Diagram labels: Switch, to the Internet]

  11. Incident Reporting Statistics
     Source: http://www.cert.org
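
Added example (not part of the original slides): because ARP replies are unauthenticated (slide 6), a defender can watch for the symptoms described on slides 8 and 9, namely a reply nobody asked for and a known IP address suddenly claimed by a different MAC. The names `parse_arp`, `ArpMonitor`, `make_arp` and `demo`, and every address except the slide's example MAC and router IP, are constructed for illustration.

```python
import struct

FMT = "!HHBBH6s4s6s4s"   # RFC 826 payload layout for Ethernet/IPv4, 28 bytes
def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(payload):
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, _mac(sha), _ip(spa), _mac(tha), _ip(tpa)

class ArpMonitor:
    """Tracks IP-to-MAC bindings and flags claims that ARP itself cannot vet."""
    def __init__(self, pinned=None):
        self.pinned = dict(pinned or {})   # trusted bindings, e.g. the router
        self.seen = dict(self.pinned)      # ip -> last MAC accepted for it
        self.pending = set()               # (requester MAC, requested IP)

    def observe(self, payload):
        op, sha, spa, tha, tpa = parse_arp(payload)
        alerts = []                        # (kind, ip, known MAC, claimed MAC)
        if op == 1:                        # request: remember who asked for what
            self.pending.add((sha, tpa))
        elif op == 2 and (tha, spa) in self.pending:
            self.pending.discard((tha, spa))
        elif op == 2:                      # legitimate gratuitous ARP lands here too
            alerts.append(("unsolicited-reply", spa, self.seen.get(spa), sha))
        known = self.seen.get(spa)
        if known and known != sha:
            alerts.append(("binding-changed", spa, known, sha))
        if spa != "0.0.0.0" and spa not in self.pinned:   # probes carry no sender IP
            self.seen[spa] = sha
        return alerts

def make_arp(op, sha, spa, tha, tpa):      # builds the constructed sample payloads
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda i: bytes(int(p) for p in i.split("."))
    return struct.pack(FMT, 1, 0x0800, 6, 4, op, h(sha), a(spa), h(tha), a(tpa))

# Constructed traffic: A asks for the router, the router answers, then host D's
# MAC claims the router's IP without a matching request.
A, ROUTER, D = "00:4e:3f:12:2a:00", "02:00:00:00:00:01", "02:00:00:00:00:0d"
def demo():
    mon = ArpMonitor(pinned={"192.168.0.1": ROUTER})
    frames = [make_arp(1, A, "192.168.0.10", "00:00:00:00:00:00", "192.168.0.1"),
              make_arp(2, ROUTER, "192.168.0.1", A, "192.168.0.10"),
              make_arp(2, D, "192.168.0.1", A, "192.168.0.10")]
    return [alert for f in frames for alert in mon.observe(f)]
```

Pinning the router's binding keeps the monitor from learning a forged one; a forged reply that happens to answer a real pending request is still caught by the binding-changed check once the true MAC is known or pinned.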
