Lecture - ARP Poisoning and SLAAC


ARP Poisoning

Address Resolution Protocol Poisoning


• The Address Resolution Protocol (ARP) is a protocol used for resolving IP addresses to machine (MAC) addresses
• When one machine needs to communicate with another, it looks up its ARP table
• If the MAC address is not listed in the table, an ARP_REQUEST is broadcast over the network
• All machines will compare this IP address to their MAC address
• If one of the machines on the network identifies with this address, it will respond with an ARP_REPLY containing its IP and MAC address
• The requesting machine will store the address pair in the ARP table and communication will take place
Address Resolution Protocol Poisoning
• The problem: ARP requests and replies do NOT require authentication or verification
– All hosts trust all ARP replies
– ARP spoofing uses false ARP replies to map any IP address to any MAC address
– An attacker can manipulate ARP tables on all LAN hosts
– The attacker must send a continuous stream of unsolicited ARP replies
Address Resolution Protocol Poisoning
• ARP DoS Attack
– Attacker sends all internal hosts a continuous stream of unsolicited spoofed ARP replies saying the gateway (10.0.0.4) is at E5-E5-E5-E5-E5-E5
– Hosts record the gateway’s IP address and nonexistent MAC address
– The switch receives packets from internal hosts addressed to E5-E5-E5-E5-E5-E5 but cannot deliver them because the host does not exist
– Packets addressed to E5-E5-E5-E5-E5-E5 are dropped
ARP Poisoning Countermeasures

• Static IP/ARP tables
– Static ARP tables are manually set and cannot be dynamically updated using ARP
– Each computer has a known static IP address that does not change
– All hosts on the LAN know which IP address is assigned to each MAC address (host)
– Problem?
ARP Poisoning Countermeasures
• Limit Local Access
– Limit access to the local network
– Foreign hosts must be kept off the LAN
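
An added example (not from the original slides): a passive check that decodes ARP payloads and flags replies that are unsolicited or that contradict a static IP-to-MAC table, the detection counterpart of the static-table countermeasure above. The table's MAC addresses, the workstation 10.0.0.7 and all function names are constructed for illustration; 10.0.0.4 and E5-E5-E5-E5-E5-E5 are the values from the DoS slide.

```python
import struct

# Static IP-to-MAC table (constructed MACs; 10.0.0.4 is the gateway from the slides).
STATIC_ARP = {"10.0.0.4": "aa:aa:aa:aa:aa:04", "10.0.0.7": "aa:aa:aa:aa:aa:07"}

def parse_arp(payload: bytes) -> dict:
    """Decode the 28-byte ARP payload used for Ethernet/IPv4."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op, "sender_mac": mac(sha), "sender_ip": ip(spa),
            "target_mac": mac(tha), "target_ip": ip(tpa)}

def check_stream(payloads, static=STATIC_ARP):
    """Return alerts for replies that are unsolicited or contradict the static table."""
    pending, alerts = set(), []   # pending: (asker_ip, asked_ip) from requests seen
    for raw in payloads:
        p = parse_arp(raw)
        if p["op"] == 1:                       # ARP_REQUEST
            pending.add((p["sender_ip"], p["target_ip"]))
        elif p["op"] == 2:                     # ARP_REPLY
            key = (p["target_ip"], p["sender_ip"])
            if key not in pending:             # nobody asked for this binding
                alerts.append(("unsolicited", p["sender_ip"], p["sender_mac"]))
            pending.discard(key)
            known = static.get(p["sender_ip"])
            if known and known != p["sender_mac"]:
                alerts.append(("mismatch", p["sender_ip"], p["sender_mac"]))
    return alerts

def build(op, sha, spa, tha, tpa):
    """Pack a constructed ARP payload for the sample data below."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    to_ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       to_mac(sha), to_ip(spa), to_mac(tha), to_ip(tpa))

# Constructed sample: a legitimate request/reply pair, then a spoofed gateway reply.
SAMPLE = [
    build(1, "aa:aa:aa:aa:aa:07", "10.0.0.7", "00:00:00:00:00:00", "10.0.0.4"),
    build(2, "aa:aa:aa:aa:aa:04", "10.0.0.4", "aa:aa:aa:aa:aa:07", "10.0.0.7"),
    build(2, "e5:e5:e5:e5:e5:e5", "10.0.0.4", "aa:aa:aa:aa:aa:07", "10.0.0.7"),
]
```

Legitimate gratuitous ARP announcements also appear as unsolicited replies, so the mismatch alert against the static table is the stronger signal.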
Stateless Address Auto Configuration (SLAAC) attack

• This attack occurs when a rogue IPv6 router is introduced to an IPv4 network
• All traffic is automatically rerouted through the IPv6 router, creating the potential for a MITM attack
• IPv4 vs IPv6
Stateless Address Auto Configuration (SLAAC) attack
• Traffic on the existing IPv4 network is rerouted through the rogue IPv6 router
Stateless Address Auto Configuration (SLAAC) attack
• Countermeasure
– Disable IPv6 on each host
