Monday, September 21, 2015

ARP Spoofing




ARP Spoofing is an attack in which an attacker can send falsified ARP messages over a local area network and link the victim's IP address with his MAC address. As a result, all the traffic that is meant for the victim, will reach the attacker first. The attacker can afterwards steal sensitive information or prepare for more attacks.





How is ARP Spoofing perpetrated ?

In ARP Spoofing, an attacker typically follow the steps mentioned below :


  1. The attacker queries and finds out the ip addresses and corresponding MAC addresses of users connected to the target subnet. There are lots of ARP Spoofing tools like Arpspoof, Cain & Abel, Arpoison and Ettercap that are commonly used for ARP Spoofing.
  2. The attacker finds the victim's IP address, and then links his MAC address with the victim's IP address and sends out ARP messages across the LAN.
  3. - The other hosts in the LAN cache the falsified ARP message. As a result, traffic meant for the victim, reaches the attacker instead.

Implications of ARP Spoofing Attacks

There can be many serious implications. Like:

  • If the attacker links multiple IP address to the victim's MAC address, packets meant for several IP addresses will reach the victim alone, which can lead to Denial of Service attack.
  • The attacker can steal the victim's session Id and access private data.
  • The attacker can intercept and modify the traffic of the victim, which can lead to Man In The Middle attack.

Prevention

We can some steps to prevent ARP Spoofing Attacks.

  • Use packet filters and do not allow packets with conflicting source information. For an example, do not allow packets that come from outside the network but contains source IP of inside the network.
  • Organizations can avoid trust relationships. Do not allow any machine of any IP address to access internal data of the organization without authentications.
  • There are couple of software available for detection of ARP Spoofing. You can use those.
  • Try to use cryptographic network protocols like HTTPS, SSH, TLS etc. Secure communications prevent ARP Spoofing by encrypting data prior to transmission and authenticate it when it arrives.

So, do not give an attacker any chance, take some simple steps and stay protected!

No comments:

Post a Comment