create your own exercise Pranav Jagdish & Cristoph Hielscher Poisoning Networks
Motjvatjon • You are sittjng in an Internet Cafe at the airport heading back from that awesome vacatjon • You are wishing your loved ones Happy New Year through your email, browsing your bank details, ... • Litule do you know that weird looking guy next to you is conductjng a Person in the Middle atuack… 2
Lecture Overview • Address Resolutjon Protocol • Domain Name Sytem • Person in the Middle Atuacks • Security Measures 3
ARP – Address Resolutjon Protocol How does ARP work? • What is the MAC address of the destjnatjon IP address? − Sender of a data packet broadcasts ARP request for the destjnatjon IP address − Destjnatjon replies with its MAC address • The reply is cached in ARP table of the sender 4
ARP Spoofjng • The main problem − Dynamic confjguratjon of the ARP table via ARP requests and replies • Spoofjng - Sending faked ARP replies − Atuacker advertjses his MAC address as if of some other system! 5
ARP Spoofjng • No security measures in ARP − Caching is automated 6
Why ARP Spoofjng? • It is possible to intercept traffjc from all machines in the local network • ARP Spoofjng is the fjrst step for more advanced atuacks like DNS Spoofjng • An atuacker can ARP spoof the gateway and make all data get forwarded through her, thus leading to PITM atuacks 7
Similar with NDP • IPv6 does not ofger any protectjon against these kinds of atuacks either 8
DNS – Domain Name Service • Internet Protocol uses IP addresses • A human cannot possibly remember IP addresses of websites • 173.194.35.183 = Google’s IP address → www.google.com is easier to remember • DNS provides the internet with its “Yellow Pages” so to speak 9
DNS Atuacks • Common goal of these atuacks is to: − Manipulate DNS in various ways − Redirect users to alternatjve destjnatjons (a phishing page!) − Leads to PITM atuacks • DNS Spoofjng − Wrong IP for a given WEBSITE name 10
DNS Atuacks • Cache Poisoning − Wrong answers are stored in a cache and are contjnued to be served untjl a tjmeout • Why is it even possible? − No authentjcatjon or integrity verifjcatjon of replies 11
PITM – Person in the Middle Atuack • ARP Poisoning and DNS Poisoning can lead to PITM atuacks • The atuacker lets all traffjc pass through her machine and captures confjdentjal data • Sniffjng passwords via Wireshark 12
Security Measures • ARP Spoofjng − Statjc ARP Table entries – too much work − arpon • DNS Pharming − DNSSEC: This may not help! 13
Practjcal Part Web server Eve (PC4) Cisco Router (PC2) Switch Bob Alice (PC5) (PC1) 14
What Will You Learn? The Following Learning Goals are Covered in the Lecture PreLab Lab Understand how ARP works and what is Poisoning X X Conduct ARP, DNS and DHCP Poisoning X X X Atuempt PITM atuack afuer poisoning the network X X Use arpspoof, fake & arpon X X Deploy countermeasures and check for fmaws if any X X 15
Recommend
More recommend