Poisoning Networks Motjvatjon You are sittjng in an Internet Cafe - - PowerPoint PPT Presentation

poisoning networks motjvatjon
SMART_READER_LITE
LIVE PREVIEW

Poisoning Networks Motjvatjon You are sittjng in an Internet Cafe - - PowerPoint PPT Presentation

Apr 13, 2023 417 likes •583 views

create your own exercise Pranav Jagdish & Cristoph Hielscher Poisoning Networks Motjvatjon You are sittjng in an Internet Cafe at the airport heading back from that awesome vacatjon You are wishing your loved ones Happy New Year

slide-1
SLIDE 1

create your own exercise

Poisoning Networks

Pranav Jagdish & Cristoph Hielscher

slide-2
SLIDE 2

Motjvatjon

  • You are sittjng in an Internet Cafe at the airport heading

back from that awesome vacatjon

  • You are wishing your loved ones Happy New Year through

your email, browsing your bank details, ...

  • Litule do you know that weird looking guy next to you is

conductjng a Person in the Middle atuack…

2

slide-3
SLIDE 3

Lecture Overview

  • Address Resolutjon Protocol
  • Domain Name Sytem
  • Person in the Middle Atuacks
  • Security Measures

3

slide-4
SLIDE 4

ARP – Address Resolutjon Protocol

How does ARP work?

  • What is the MAC address of the destjnatjon IP

address?

− Sender of a data packet broadcasts ARP request for the destjnatjon IP address − Destjnatjon replies with its MAC address

  • The reply is cached in ARP table of the sender

4

slide-5
SLIDE 5

ARP Spoofjng

  • The main problem

− Dynamic confjguratjon of the ARP table via ARP requests and replies

  • Spoofjng - Sending faked ARP replies

− Atuacker advertjses his MAC address as if of some

  • ther system!

5

slide-6
SLIDE 6

ARP Spoofjng

  • No security measures in ARP

− Caching is automated

6

slide-7
SLIDE 7

Why ARP Spoofjng?

  • It is possible to intercept traffjc from all

machines in the local network

  • ARP Spoofjng is the fjrst step for more

advanced atuacks like DNS Spoofjng

  • An atuacker can ARP spoof the gateway and

make all data get forwarded through her, thus leading to PITM atuacks

7

slide-8
SLIDE 8

Similar with NDP

  • IPv6 does not ofger any protectjon against

these kinds of atuacks either

8

slide-9
SLIDE 9

DNS – Domain Name Service

  • Internet Protocol uses IP addresses
  • A human cannot possibly remember IP

addresses of websites

  • 173.194.35.183 = Google’s IP address →

www.google.com is easier to remember

  • DNS provides the internet with its “Yellow

Pages” so to speak

9

slide-10
SLIDE 10
  • Common goal of these atuacks is to:

− Manipulate DNS in various ways − Redirect users to alternatjve destjnatjons (a phishing page!) − Leads to PITM atuacks

  • DNS Spoofjng

− Wrong IP for a given WEBSITE name

DNS Atuacks

10

slide-11
SLIDE 11

DNS Atuacks

  • Cache Poisoning

− Wrong answers are stored in a cache and are contjnued to be served untjl a tjmeout

  • Why is it even possible?

− No authentjcatjon or integrity verifjcatjon of replies

11

slide-12
SLIDE 12

PITM – Person in the Middle Atuack

  • ARP Poisoning and DNS Poisoning can lead to

PITM atuacks

  • The atuacker lets all traffjc pass through her

machine and captures confjdentjal data

  • Sniffjng passwords via Wireshark

12

slide-13
SLIDE 13

Security Measures

  • ARP Spoofjng

− Statjc ARP Table entries – too much work − arpon

  • DNS Pharming

− DNSSEC: This may not help!

13

slide-14
SLIDE 14

Web server (PC4) Alice (PC1) Bob (PC5) Switch Eve (PC2) Cisco Router

Practjcal Part

14

slide-15
SLIDE 15

What Will You Learn?

15

The Following Learning Goals are Covered in the Lecture PreLab Lab Understand how ARP works and what is Poisoning X X Conduct ARP, DNS and DHCP Poisoning X X X Atuempt PITM atuack afuer poisoning the network X X Use arpspoof, fake & arpon X X Deploy countermeasures and check for fmaws if any X X