Scribd
Upload
317 views17 pages

Arp Poisoning

This document discusses ARP (Address Resolution Protocol) poisoning attacks. It begins with an introduction to ARP and how it maps IP addresses to MAC addresses. It then explains how ARP is vulnerable because it has no authentication mechanism, allowing attackers to spoof ARP responses and poison a target's ARP cache. This enables man-in-the-middle attacks and denial of service attacks by redirecting traffic to the attacker's machine. The document outlines several ARP cache poisoning techniques and discusses mitigation strategies like static ARP entries and port security on switches.

Uploaded by

Niranjana Karandikar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
317 views17 pages

Arp Poisoning

This document discusses ARP (Address Resolution Protocol) poisoning attacks. It begins with an introduction to ARP and how it maps IP addresses to MAC addresses. It then explains how ARP is vulnerable because it has no authentication mechanism, allowing attackers to spoof ARP responses and poison a target's ARP cache. This enables man-in-the-middle attacks and denial of service attacks by redirecting traffic to the attacker's machine. The document outlines several ARP cache poisoning techniques and discusses mitigation strategies like static ARP entries and port security on switches.

Uploaded by

Niranjana Karandikar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 17

ARP Poisoning

Niranjana.S.Karandikar
Msc-2
Sem-IV

PSDF401: Vulnerability Assessment and


Penetration Testing Part II

Contents
ARP-

Introduction

ARP-

The Protocol

Gullible
ARP

ARP

cache Poisoning

DOS
MITM
MAC

Flooding

Mitigations

Introduction
NIC
MAC
IP
ARP

table

ARP- The Protocol

ARP Request

"Who has this IP address (a.b.c.d) ?"

ARP Reply

"I have that IP. My MAC address is [a.b.c.d]."

RARP Request

"Who has this MAC address?"

RARP Reply

"I have that MAC. My IP address is [a.b.c.d]"

Gullible ARP
Simplicity

for efficiency= Major

Insecurity
No

Authentication

Stateless

Connection

ARP Cache Poisoning


A

says I am B

has no means of verifying who

really is B or C
A

is very gullible

No

way to authenticate the IP to MAC

address mapping in the ARP reply.


The

host does not check whether it

sent an ARP request for which it is


receiving ARP reply message.
Thus

opening doors to the following

Attacks

DOS
Wrong

or fictitious IP mapped in ARP

table
Eg: Routers IPfictitious MAC
All packets for the router wrong
MAC
Network down

MITM
A-C-B
C

will send a reply to B with As IP and Cs

MAC
C

will send reply to A with Bs IP and Cs

MAC
Switch

On Port Forwarding

ACB
ACB

MAC Flooding
Target:-

Network Switch
Vulnerability:- Acts like hub when
overloaded and start broadcasting all
the network traffic to all the hosts
connected to network
Attack:- send many fake ARP repiles
to overload the switch.

Mitigations
Small

Networks
Large Networks
All Networks

Small Networks
Static

IP
Static ARP
Ifconfig/all view IP and MAC of
devices in network
Arp s add static entries
login script that would add these
static entries to your PCs as they
boot
hard to maintain
impossible in large networks

Large Networks
Port

Security Features
One MAC per physical port of switch

All Networks
Use

of automated monitoring tools


such as ARP WATCH,ARP
monitor,ARPing,ARPscan,Antidote,AR
Poison

References
http://www.watchguard.com/glossar

y/a.asp#ARP
http://www.veracode.com/security/ar
p-spoofing
http://www.windowsecurity.com/articl
es-tutorials/authentication_and_encr
yption/Understanding-Man-in-the-Midd
le-Attacks-ARP-Part1.html
http://www.watchguard.com/infocente
r/editorial/135250.asp

Thank You

The cruelest lies are often


told in silence

You might also like