ARP Protocol and Network Interface Basics


Explore the fundamentals of the ARP protocol, Ethernet frames, MAC headers, NICs, virtual NICs, promiscuous mode, and MAC address randomization and privacy. Learn about ARP cache poisoning attacks and the significance of MAC address resolution in LAN communication.

  • ARP Protocol
  • Network Interface
  • Ethernet Frames
  • MAC Address
  • LAN Communication

Presentation Transcript


  1. ARP Protocol and Attacks

  2. Outline
      • Network Interface
      • Ethernet frame and MAC header
      • ARP protocol
      • ARP cache poisoning attack

  3. NETWORK INTERFACE AND ETHERNET

  4. Network Interface Card (NIC)
      • Physical or logical link between computer and network
      • Each NIC has a hardware address: MAC address

  5. Packet Flow Network Interface Card

  6. Physical and Virtual NIC

  7. Examples of Virtual NIC
      • Loopback Interface
      • Dummy Interface (similar to loopback, but with its own IP)

  8. Ethernet Frame & MAC Header

  9. Ethernet Frame Example

  10. Scapy Program

  11. Promiscuous Mode
      • Ethernet is a broadcast medium
      • NIC checks the destination MAC address
          - mine: accept the frame
          - not mine: discard it
      • Enable promiscuous mode
          - Will not check destination MAC
          - Take in all the packets on the local network
          - Useful for packet sniffing

  12. MAC Address Randomization and Privacy

  13. THE ARP PROTOCOL

  14. The ARP Protocol
      • Communication on LAN
          - Need to use MAC address
          - But we only know the IP address
      • ARP: Address Resolution Protocol
          - Find MAC from IP

  15. ARP Request/Reply

  16. Send ARP Request: Example 1
      • ping 10.9.0.6 from 10.9.0.5

  17. Send ARP Request: Example 2
      • ping 10.0.2.15 from 10.0.2.4

  18. ARP Message Format

  19. ARP Class in Scapy

  20. Questions
      Different behaviors of the following commands:
          1. ping 10.9.0.6 (existing, on LAN)
          2. ping 10.9.0.99 (non-existing, on LAN)
          3. ping 1.2.3.4 (non-existing, not on LAN)
          4. ping 8.8.8.8 (existing, on the Internet)

  21. ARP Cache
      • Avoid sending too many ARP requests
      • ARP caches received information
      • empty cache

  22. ARP Cache Poisoning Attack

  23. ARP Cache Poisoning
      • Spoof ARP Messages
          - Request
          - Reply
          - Gratuitous message
      • Spoofed message might be cached by the victim
      • Which type of message will be cached depends on OS implementation

  24. Constructing ARP Message
      • Construct ARP packet
      • Fields of ARP and Ether Class

  25. Spoof ARP Request/Reply: Code Skeleton
      • victim: 10.9.0.5
      • goal: map 10.9.0.99 to aa:bb:cc:dd:ee:ff

  26. Spoofing Gratuitous Message
      • Special type of ARP message
      • Source IP = Destination IP
      • Destination MAC = broadcast address (ff:ff:ff:ff:ff:ff)

  27. Note: ARP Becomes Stateful

  28. MAN-IN-THE-MIDDLE ATTACK

  29. MITM: Man-In-The-Middle Attack

  30. Man-In-The-Middle Attack

  31. Use ARP Cache Poisoning to Redirect Packets
      • Poison A's ARP cache, so B's IP is mapped to M's MAC.
      • Poison B's ARP cache, so A's IP is mapped to M's MAC.
      [Figure: Machine A, Machine B]

  32. Forward Packets without Modification
      • Enable/Disable IP Forwarding
          - sysctl net.ipv4.ip_forward=1
          - sysctl net.ipv4.ip_forward=0

  33. Demo
      • With IP forwarding on

  34. MITM Step 1: Intercept Packets
      • Disable IP Forwarding
          - sysctl net.ipv4.ip_forward=0
      • How to get the packet on M?

  35. MITM Step 2: Get the Intercepted Packets
      • Question: which filter should we use, f1 or f2?

  36. MITM Step 3: Modify Packets

  37. MITM Step 4: Demo

  38. Question
      Disclaimer: this is a fiction! In the 2020 State of the Union address, President Trump said the following: "In 2019, Russian hackers launched many ARP cache-poisoning attacks from Russia against the computer networks inside the White House, but, as I can proudly tell you, under my leadership, my staff has successfully defeated all of these attacks." Then he paused, looking at the audience, waiting for applause. Do you applaud or not?
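
Added example (not part of the original slides): a passive check that decodes the ARP message format of slide 18 and applies the gratuitous-message definition of slide 26 to flag the cache-poisoning signals listed on slide 23. The MAC addresses assigned to 10.9.0.5 and 10.9.0.6, the function names and the sample frames are constructed for illustration.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Decode an Ethernet frame carrying IPv4 ARP; return a dict, or None."""
    if len(frame) < 42:                  # 14-byte MAC header + 28-byte ARP message
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_dst": _mac(dst), "eth_src": _mac(src), "op": op,
            "sha": _mac(sha), "spa": _ip(spa), "tpa": _ip(tpa)}

def audit(frames):
    """Return (frame_index, finding, ip) tuples for suspicious ARP traffic."""
    seen, findings = {}, []              # seen: first-observed IP -> MAC bindings
    for i, frame in enumerate(frames):
        m = parse_arp(frame)
        if m is None:
            continue
        if m["eth_src"] != m["sha"]:     # MAC header disagrees with ARP payload
            findings.append((i, "sender-mismatch", m["spa"]))
        if m["spa"] == m["tpa"] and m["eth_dst"] == BROADCAST:
            findings.append((i, "gratuitous", m["spa"]))
        if seen.get(m["spa"], m["sha"]) != m["sha"]:   # binding differs from earlier one
            findings.append((i, "mapping-changed", m["spa"]))
        seen[m["spa"]] = m["sha"]
    return findings

def _frame(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Pack one constructed sample frame (bytes only, nothing is sent)."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda s: bytes(int(x) for x in s.split("."))
    return (h(eth_dst) + h(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + h(sha) + a(spa) + h(tha) + a(tpa))

# Constructed sample capture; A and B are assumed MACs for 10.9.0.5 and 10.9.0.6.
A, B, X = "02:42:0a:09:00:05", "02:42:0a:09:00:06", "aa:bb:cc:dd:ee:ff"
SAMPLE = [
    _frame(BROADCAST, A, 1, A, "10.9.0.5", "00:00:00:00:00:00", "10.9.0.6"),  # request
    _frame(A, B, 2, B, "10.9.0.6", A, "10.9.0.5"),                           # reply
    _frame(BROADCAST, X, 1, X, "10.9.0.6", BROADCAST, "10.9.0.6"),           # gratuitous
    _frame(A, B, 2, X, "10.9.0.99", A, "10.9.0.5"),                          # header/payload differ
]
```

Gratuitous ARP also occurs legitimately, for example when a host brings up an interface, so each finding is a signal to triage. The table starts empty, so the first binding seen for an IP is the baseline that later messages are compared against.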
