Ethical Hacking and Penetration Testing Guide



Date: 07.08.2023

ARP Attacks
There are two types of attack vectors that could be utilized with ARP:
1. MAC flooding
2. ARP poisoning or ARP spoofing
MAC Flooding
We will discuss MAC flooding first, as it is easier. The idea behind a MAC flooding attack is to
send a huge number of ARP replies to a switch, thereby overloading the CAM table of the switch.
Once the switch overloads, it goes into hub mode, meaning that it will forward the traffic to every
single computer on the network. All the attacker needs to do now is run a sniffer to capture all the
traffic. This attack does not work on every switch; lots of newer switches have built-in protection
against this attack.
Macof
Macof is part of the dsniff series of tools, which I will demonstrate once we get to ARP spoofing.
Macof fills the CAM table in less than a minute or so, since it sends a huge number of MAC
entries (155,000 per minute, to be specific).
Usage
The usage is extremely simple. All we need to do is execute the “macof” command from our terminal.
Take a look at the following screenshot:
Once the CAM table has been flooded, we can open Wireshark and start capturing the traffic.
By default, Wireshark is set to capture traffic in promiscuous mode; however, you don’t
need to sniff in promiscuous mode when a switch goes into hub mode, since the traffic is
already promiscuous.


ARP Poisoning
ARP poisoning is a very popular attack and can be used to get in the middle of a communication.
This could be achieved by sending fake “ARP replies”. As discussed earlier, the ARP protocol
always trusts that a reply is coming from the right device. Due to this flaw in its design, it
can in no way verify that an ARP reply was sent from the correct device.
The way it works is that the attacker sends a spoofed ARP reply to any computer on a
network to make it believe that a certain IP is associated with a certain MAC address, thereby
poisoning its ARP cache, which keeps track of IP-to-MAC address mappings.
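
Because ARP itself cannot verify a reply, the check has to come from a monitor that remembers earlier bindings. The following is an added example, not code from the book: it parses raw 28-byte ARP payloads and flags any reply that rebinds an already-seen IP to a different MAC. The function names, the sample addresses (192.0.2.x, locally administered MACs) and the packets are constructed for illustration.

```python
import socket
import struct

# ARP over Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REQUEST, ARP_REPLY = 1, 2

def sample_arp(oper, sha, spa, tha, tpa):
    """Pack a 28-byte ARP payload; only used to construct the sample data."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                       socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack_from(
        ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, ":".join(f"{b:02x}" for b in sha), socket.inet_ntoa(spa)

def find_poisoning(payloads):
    """Flag ARP replies whose sender IP was first seen with a different MAC."""
    bindings, alerts = {}, []
    for index, payload in enumerate(payloads):
        parsed = parse_arp(payload)
        if parsed is None:
            continue  # truncated or non-IPv4 ARP: ignore
        oper, mac, ip = parsed
        known = bindings.setdefault(ip, mac)  # first-seen binding wins
        if oper == ARP_REPLY and known != mac:
            alerts.append((index, ip, known, mac))
    return alerts

# Constructed sample: a host asks for the gateway, the gateway answers,
# then a second reply claims the gateway IP for a different MAC.
SAMPLE = [
    sample_arp(ARP_REQUEST, "02:00:00:00:00:10", "192.0.2.10",
               "00:00:00:00:00:00", "192.0.2.1"),
    sample_arp(ARP_REPLY, "02:00:00:00:00:01", "192.0.2.1",
               "02:00:00:00:00:10", "192.0.2.10"),
    sample_arp(ARP_REPLY, "02:00:00:00:00:66", "192.0.2.1",
               "02:00:00:00:00:10", "192.0.2.10"),
]

if __name__ == "__main__":
    for index, ip, old, new in find_poisoning(SAMPLE):
        print(f"packet {index}: {ip} moved from {old} to {new}")
```

A legitimate change of network card or DHCP lease also produces an alert, so a hit needs to be confirmed against known address assignments.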
