1 / 8

The Inherent Insecurity of Ethernet

The Inherent Insecurity of Ethernet. An Introduction to ARP Poisoning by Stephen Roux. About ARP. ARP = Address Resolution Protocol Directs traffic within a subnet Connects network and data link layers No built-in security. How ARP Works. Source broadcasts question

epperson
Download Presentation

The Inherent Insecurity of Ethernet

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Inherent Insecurity of Ethernet An Introduction to ARP Poisoning by Stephen Roux sproux/InsecurityOfEthernet

  2. About ARP • ARP = Address Resolution Protocol • Directs traffic within a subnet • Connects network and data link layers • No built-in security sproux/InsecurityOfEthernet

  3. How ARP Works • Source broadcasts question • Who has IP address 192.168.38.17? • Destination responds • I do, my MAC address is 00-d1-b7-6e-ca-4b • Source adds mapping to its ARP cache C:\>arp -a Interface: 192.168.38.62 --- 0x4 Internet Address Physical Address Type 192.168.38.17 00-d1-b7-6e-ca-4b dynamic sproux/InsecurityOfEthernet

  4. Caching • ARP mappings are kept for 2-20 minutes • Improves performance • No need to waste packets on mappings that don’t change often sproux/InsecurityOfEthernet

  5. Stateless Protocol • ARP does not match requests to replies • Unsolicited replies can be sent • Improves performance • System with newly allocated IP address can announce itself to the subnet • Works well with DHCP • Immediately modifies the ARP cache sproux/InsecurityOfEthernet

  6. Why This Is Bad • An attacker can falsify ARP messages • Poison the cache of a target victim • Redirect traffic • DOS • MITM sproux/InsecurityOfEthernet

  7. Current Solutions • Switch/router settings • Advanced features • Can protect only if correctly configured • Network monitoring • Difficult to tell the difference between legitimate ARP traffic and malicious • Client-based • Static ARP tables • Block inconsistencies sproux/InsecurityOfEthernet

  8. Future Solutions • Design secure ARP • May need to be significantly modified • Add cryptographic authentication • Must not significantly slow down the network • Combine ideas into new standard • One idea: • “An Efficient Solution to the ARP Cache Poisoning Problem” by Vipul Goyal and Rohit Tripathy sproux/InsecurityOfEthernet

More Related