Ethical Hacking and Penetration Testing Guide



Date: 07.08.2023

Scenario—How It Works
[Figure: bob (192.168.1.3, aa.aa.aa.aa), alice (192.168.1.4, cc.cc.cc.cc), Switch (192.168.1.2, dd.dd.dd.dd) and Hacker (192.168.1.10, bb.bb.bb.bb). Spoofed messages from the hacker: “Hey, alice is at bb.bb.bb.bb (hacker’s MAC)” and “Hey, bob is at bb.bb.bb.bb (hacker’s MAC)”; each is answered with “Thanks”. Hacker now sniffing all the traffic.]
Let’s take a look at the scenario presented in this image. The hacker sniffs all the traffic using 
the ARP spoofing attack. We have a switch with the IP 192.168.1.2. We have two hosts, namely, 
“bob” with the IP 192.168.1.3 and “alice” with the IP 192.168.1.4. The “hacker” computer is also 
located on the network with the IP 192.168.1.10.
In order to launch an ARP spoofing attack, the attacker will send two spoofed ARP replies. 
The first reply will be sent to “bob,” telling him that “alice” is at the MAC address of the 
“hacker,” that is, “bb.bb.bb.bb”, so all the communication going from “bob” to “alice” will be 
forwarded to the hacker. The hacker will then send a spoofed ARP reply to “alice” as well, telling 
her that “bob” is located at the hacker’s MAC address, since he wants to sniff the traffic going from 
“alice” to “bob” as well. So through ARP spoofing, the hacker is now in the middle, sniffing traffic 
between the two hosts.
Denial of Service Attacks
Another attack that is possible with ARP spoofing is a denial-of-service attack. The attack works 
by associating the IP of the victim’s router with a MAC address that does not exist, thereby denying 
the victim access to the Internet: when the victim tries to connect to the Internet, he will reach a 
nonexistent place. The attack is performed by sending the victim a spoofed ARP reply that gives a 
nonexistent MAC address for the victim’s router. Again, in a real penetration testing environment, you 
would rarely perform these types of attacks, and you will be more focused on launching the ARP spoofing attack.
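The following added example (not from the book) shows how a defender can catch both cases described above, the man-in-the-middle scenario and the denial-of-service variant, by checking observed ARP replies against a trusted IP-to-MAC table. The host addresses are the placeholders from the figure; the gateway entry, the nonexistent MAC and the sample replies are constructed for illustration, and the function names are hypothetical.

```python
# Trusted IP-to-MAC bindings, using the placeholder addresses from the figure.
# Assumption: in practice this table comes from DHCP snooping or an inventory.
TRUSTED = {
    "192.168.1.3": "aa.aa.aa.aa",   # bob
    "192.168.1.4": "cc.cc.cc.cc",   # alice
    "192.168.1.2": "dd.dd.dd.dd",   # switch
    "192.168.1.10": "bb.bb.bb.bb",  # the "hacker" machine
    "192.168.1.1": "ee.ee.ee.ee",   # gateway (constructed, not on the page)
}

def classify_reply(ip, mac, trusted=TRUSTED):
    """Return a verdict for one ARP reply claiming that `ip` is at `mac`."""
    mac = mac.lower()
    expected = trusted.get(ip)
    if expected is None:
        return "unknown-ip"
    if mac == expected:
        return "ok"
    # The claimed MAC belongs to another known host: traffic for `ip`
    # would be delivered to that host (man-in-the-middle pattern).
    owners = [host for host, known in trusted.items() if known == mac]
    if owners:
        return "spoof-mitm:" + owners[0]
    # The claimed MAC belongs to nobody: traffic for `ip` goes nowhere
    # (denial-of-service pattern).
    return "spoof-blackhole"

def audit(replies, trusted=TRUSTED):
    """Return (index, ip, mac, verdict) for every reply that is not 'ok'."""
    alerts = []
    for index, (ip, mac) in enumerate(replies):
        verdict = classify_reply(ip, mac, trusted)
        if verdict != "ok":
            alerts.append((index, ip, mac, verdict))
    return alerts

# Constructed sample of observed ARP replies: (claimed IP, claimed MAC).
SAMPLE_REPLIES = [
    ("192.168.1.3", "aa.aa.aa.aa"),  # legitimate reply from bob
    ("192.168.1.4", "bb.bb.bb.bb"),  # "alice is at the hacker's MAC"
    ("192.168.1.3", "bb.bb.bb.bb"),  # "bob is at the hacker's MAC"
    ("192.168.1.1", "00.00.00.00"),  # gateway bound to a nonexistent MAC
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_REPLIES):
        print(alert)
```

The same comparison is what switch features such as Dynamic ARP Inspection perform in hardware, dropping replies that contradict the trusted binding table.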
