Towards Layer 2 Authentication: Preventing Attacks based on Address Resolution Protocol Spoofing
Sean H. Whalen
Department of Computer Science, University of California, Davis, USA, cs.ucdavis.edu

Abstract

The Address Resolution Protocol provides network clients with a mapping between Layer 2 (MAC) and Layer 3 (IP) addresses. By sending forged ARP replies, attackers can launch a range of devastating attacks on virtually any Ethernet network. No widely applicable solutions exist. In this paper I discuss a novel approach to the problem, and describe its implementation in a Java-based virtual networking environment.

1. Introduction

The Address Resolution Protocol (ARP) and Reverse ARP (RARP) provide Ethernet networks with a mechanism for mapping between Layer 2 (MAC) and Layer 3 (IP) addressing [1]. This mapping is essential for network operation. Applications communicate using Layer 3 addresses, but application level data is encapsulated inside a Layer 2 header before physical transmission. The switch uses the Layer 2 destination address from this header to determine the correct physical port for transmission (see Figure 1). Before a client can transmit a frame on the network, this destination address must be discovered using the only information the client currently has: a Layer 3 address.

Every client maintains an ARP cache. An entry in the cache consists of an IP (known) and MAC (discovered) address. Before transmission of a frame, a client checks its cache for an entry associated with the remote IP it wants to communicate with. If an entry exists, the current mapping is used. If an entry does not exist, an ARP request is broadcast to the local network, asking "If you are IP address x.x.x.x, send me your MAC." Remote clients receive the request, and transmit an ARP reply containing their MAC if they are assigned the IP specified in the request.

Forging the Layer 2 address in an ARP reply forms the basis for ARP spoofing attacks. A client will update its cache regardless of whether it has sent a prior request. The transmission of an ARP reply without reception of a request is called gratuitous ARP, and is commonly performed on device startup.

ARP replies are implicitly trusted, gratuitous or not. Not only do libraries such as libnet [2] facilitate creation of forged frames and packets, but the hardware addresses of network devices are user-definable in all major operating systems. Trust in any network address is misplaced.

This paper aims to explore a possible solution to ARP spoofing. I have developed a virtual networking environment in Java which simulates a switched environment, with a configurable number of clients. Simulation requires no physical resources and enables faster development cycles, at the risk of incorrect models invalidating results. I later plan to implement the solution in an open source operating system to demonstrate its real-world effectiveness.

Figure 1: Relevant ARP frame headers

I have previously outlined in detail the operation of ARP spoofing in [3]. Sniffing on switches, LAN-wide denial of service, man in the middle, and connection hijacking are all made possible by abusing ARP. Tools like Ettercap [4] have made these attacks trivial to perform by even those with little networking knowledge.

2. Prevention

ARP-based attacks are not easily prevented in current architectures. There are a handful of actions often recommended for mitigation. The first of these is employing static ARP, which renders entries in an ARP cache immutable. This is currently the only true
defense, but is impractical. Windows machines ignore the static flag and always update the cache. In addition, handling static entries for each client in a network is unfeasible for all but the smallest networks. An administrator must deploy new entries to every machine on the network when a new client is connected, or when a NIC is replaced. Furthermore, this prevents the use of some DHCP configurations which frequently change MAC/IP associations during lease renewal.

The second recommended action is enabling port security on the switch. Also known as MAC binding, this is a feature of high-end switches which ties a physical port to a MAC address. This fixed address can be manually set by the administrator to a range of one or more addresses, or can be auto-configured by the switch during the first frame transmission on the port. These port/address associations are stored in Content Addressable Memory (CAM) tables [5], a hardware-based reverse lookup device. A change in the transmitter's MAC address can result in port shutdown, or other actions as configured by the administrator. However, port security is far from ubiquitous and does nothing to prevent ARP spoofing [6] (see Figure 2). Consider a man-in-the-middle attack as presented in [3]. An attacker X only needs to convince victim A to deliver frames meant for B to X, and vice versa for victim B. When sending forged ARP replies to achieve this, at no time must X forge its MAC address; only the cache of the clients is manipulated. Port security validates the source MAC in the frame header, but ARP frames contain an additional source MAC field in the data payload, and it is this field that clients use to populate their caches [1]. It should be said, however, that port security does prevent other attacks mentioned in [3] such as MAC flooding and cloning, and becomes essential to the solutions I present in this paper.
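The port-security mechanism and its limit described above, as an added Go example (this is not the paper's Java code; the names PortSecuritySwitch, ArpFrame, Inspect and all MAC and IP values are constructed for this illustration): the switch binds a port to the header source MAC of the first frame it sees and shuts the port down when that MAC changes, but never reads the ARP payload. ArpSenderMatchesHeader is the comparison between the payload sender MAC and the header source MAC that port security does not perform; a frame that passes the switch yet fails this check is the Figure 2 case, and this is the check a client or switch would need in order to notice it.

```go
package main

import "fmt"

// ArpFrame is the slice of an Ethernet ARP frame that matters here; all
// addresses used below are constructed sample values for this example.
type ArpFrame struct {
	Port         int    // switch port the frame arrived on
	HdrSrcMAC    string // Ethernet header source address (what port security checks)
	ArpSenderMAC string // ARP payload sender hardware address (what clients cache)
	ArpSenderIP  string // ARP payload sender protocol address
}

// PortSecuritySwitch binds each port to the header source MAC of the first
// frame sent on it (an auto-configured CAM entry) and shuts the port down when
// a later frame carries a different header source MAC.
type PortSecuritySwitch struct {
	cam      map[int]string // port -> bound MAC, the CAM table of the paper
	shutdown map[int]bool
}

func NewPortSecuritySwitch() *PortSecuritySwitch {
	return &PortSecuritySwitch{cam: map[int]string{}, shutdown: map[int]bool{}}
}

// Forward applies port security and returns an error when the frame is
// refused. Like real port security it looks only at the Ethernet header.
func (s *PortSecuritySwitch) Forward(f ArpFrame) error {
	if s.shutdown[f.Port] {
		return fmt.Errorf("port %d is shut down", f.Port)
	}
	bound, learned := s.cam[f.Port]
	if !learned {
		s.cam[f.Port] = f.HdrSrcMAC // first transmission binds the port
		return nil
	}
	if bound != f.HdrSrcMAC {
		s.shutdown[f.Port] = true
		return fmt.Errorf("port %d: header MAC %s differs from bound MAC %s, port shut down", f.Port, f.HdrSrcMAC, bound)
	}
	return nil
}

// BoundMAC returns the CAM entry for a port, or "" if the port is unbound.
func (s *PortSecuritySwitch) BoundMAC(port int) string { return s.cam[port] }

// ArpSenderMatchesHeader is the comparison port security never makes: the ARP
// payload's sender MAC against the header source MAC. A reply that passes
// Forward but fails this check is the Figure 2 case, and this is what a client
// or switch would have to compare to notice it.
func ArpSenderMatchesHeader(f ArpFrame) bool { return f.ArpSenderMAC == f.HdrSrcMAC }

// Inspect runs both checks and reports which one, if any, a frame fails.
func Inspect(s *PortSecuritySwitch, f ArpFrame) string {
	if err := s.Forward(f); err != nil {
		return "refused by port security: " + err.Error()
	}
	if !ArpSenderMatchesHeader(f) {
		return "passed port security, but ARP sender MAC does not match header source MAC"
	}
	return "consistent"
}

func main() {
	sw := NewPortSecuritySwitch()
	b := "00:00:00:00:00:0b" // host B's MAC, constructed
	x := "00:00:00:00:00:0c" // host X's MAC, constructed
	fmt.Println(Inspect(sw, ArpFrame{Port: 2, HdrSrcMAC: b, ArpSenderMAC: b, ArpSenderIP: "10.0.0.2"})) // consistent
	// Header carries X's own MAC, so port security is satisfied; the payload claims B's.
	fmt.Println(Inspect(sw, ArpFrame{Port: 3, HdrSrcMAC: x, ArpSenderMAC: b, ArpSenderIP: "10.0.0.2"}))
	// A changed header MAC on port 3 is what port security does catch.
	fmt.Println(Inspect(sw, ArpFrame{Port: 3, HdrSrcMAC: b, ArpSenderMAC: b, ArpSenderIP: "10.0.0.2"}))
}
```

The sticky-learning behaviour (first frame binds the port, any later change shuts it down) is the auto-configured variant the paper describes; the manually configured range of allowed addresses is left out. The payload-versus-header comparison is a local consistency check only: it says nothing about whether the claimed IP really belongs to that MAC, which is the question the rest of the paper addresses.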
Without the prevention of MAC flooding, there is no use defending against ARP attacks when 100 lines of Perl can force a switch into broadcast mode [7].

Thirdly, virtual LANs (VLANs) create network boundaries which ARP traffic cannot cross, limiting the number of clients susceptible to attack. However, VLANs are not always an option and have their own set of vulnerabilities as detailed in [8].

Lastly, Arpwatch (as mentioned in [3]) allows notification of MAC/IP changes via e-mail. From experience, visually monitoring these alerts is a process prone to false positives and false negatives. Still, detection is an important step in mitigation.

Figure 2: Port security fails to stop ARP spoofing

3. Authenticating Layer 2

Layer 2 authentication must be approached with practicality in mind. Solutions involving hardware changes to the switch are not realistic outside of a virtual environment, and would require significant reinvestment for businesses. Changes to the client, however, only involve patching the kernel for open source systems or binary patches for closed source platforms. Cryptography requires thoughtful design. The addition of any dependency such as a key server adds a point of failure. PKI increases demands on bandwidth and processing power, both of which may be scarce in a network. It is with the above considerations in mind that I approach the problem.

Consider a machine receiving a gratuitous ARP reply. ARP is a stateless protocol, and cannot distinguish between a gratuitous reply and a reply that followed a request. If a client only accepts replies within N seconds of a request, the scope of the problem is reduced to resolving conflicting replies within this
interval. I propose a small degree of statefulness in ARP to achieve this reduction.

Next, consider this multiple-reply conflict. A client sends a request and receives more than one reply within an N second window, both claiming ownership of the same IP (see Figure 3). Which reply can be trusted? What if one, both, or no hosts are lying? Solaris implements such a window but accepts the first reply, resulting in a race condition [9]. Without an independent authority, a client cannot make an educated decision regarding trust.

Figure 3: Client cannot decide which reply to trust

However, there is an entity on most networks which maintains an authoritative map between Layer 2 and Layer 3 addresses: the DHCP server. I propose using a modified DHCP server to resolve conflicting ARP replies (see Figure 4). A public and private key pair is generated for the server during installation. The public key is distributed with the address lease. When a client requires conflict resolution it consults the DHCP server, sending the IP in question and a random sequence number from 0 to 2^63-1. The server generates and signs a response. The client checks the sequence number and verifies the signature with the server's public key. If the sequence number does not match, the response is deemed a replay attack and is discarded.

Figure 4: Conflict resolved by consulting server

This is a simpler but cryptographically stronger approach than that taken in RFC3118, Authentication for DHCP Messages [10]. A 3118-compliant DHCP server will be used as the basis for real-world implementation. The server should be locked down on a dedicated machine, ignoring ARP frames (ifconfig arp on some platforms) and using the frame's non-payload source MAC for lease replies.

4. Implementation

The virtual networking environment is written in Java. The actors in the network are a Switch, a DhcpServer, and multiple Client objects. Each runs on a separate thread, initialized by a driver class named L2Auth.
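The reply window and the signed conflict resolution of Section 3, as an added Go example of the design rather than the paper's Java implementation (the types ArpReply, ResolutionResponse, DhcpServer and Client, the constructed lease table and the MAC and IP values are this example's own; it signs with 2048-bit RSA and SHA-256 in PKCS#1 v1.5 form instead of the SHA-1/RSA signatures and shorter key reported in Section 4, and it treats repeated replies carrying the same MAC as one answer rather than as a conflict, which the paper does not specify). A reply is only considered if it arrives inside the window after the client's own request, so a gratuitous reply with no request pending is ignored; several in-window replies with different MACs trigger a ResolutionRequest carrying a random sequence number, and the client caches the server's MAC only if the sequence number matches and the signature verifies.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// ArpReply is a reply plus its arrival time measured from the client's request;
// a negative After models a gratuitous reply that arrived with no request pending.
type ArpReply struct {
	IP, MAC string
	After   time.Duration
}

// ResolutionResponse is the server's signed binding; Seq echoes the client's
// random sequence number so a captured response cannot be replayed later.
type ResolutionResponse struct {
	IP, MAC string
	Seq     uint64
	Sig     []byte
}

// signedBytes covers IP, MAC and Seq together, so a signature cannot be moved
// to another binding or another sequence number.
func signedBytes(ip, mac string, seq uint64) []byte {
	var b [8]byte
	binary.BigEndian.PutUint64(b[:], seq)
	return append([]byte(ip+"|"+mac+"|"), b[:]...)
}

// DhcpServer holds the authoritative IP->MAC leases and the install-time key pair.
type DhcpServer struct {
	leases map[string]string
	key    *rsa.PrivateKey
}

func NewDhcpServer(leases map[string]string) (*DhcpServer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // example's choice: 2048-bit RSA with SHA-256
	return &DhcpServer{leases: leases, key: key}, err
}

// Resolve answers a ResolutionRequest (ip, seq) with a signed binding.
func (s *DhcpServer) Resolve(ip string, seq uint64) (ResolutionResponse, error) {
	mac, ok := s.leases[ip]
	if !ok {
		return ResolutionResponse{}, errors.New("no lease for " + ip)
	}
	digest := sha256.Sum256(signedBytes(ip, mac, seq))
	sig, err := rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, digest[:])
	return ResolutionResponse{IP: ip, MAC: mac, Seq: seq, Sig: sig}, err
}

// Client keeps the ARP cache, the reply window and the server public key from its lease.
type Client struct {
	Cache  map[string]string
	Window time.Duration
	pub    *rsa.PublicKey
	server *DhcpServer // stands in for the socket to the server
}

// VerifyResolution discards a response with a wrong sequence number (a replay) or a bad signature.
func (c *Client) VerifyResolution(r ResolutionResponse, ip string, seq uint64) error {
	if r.IP != ip || r.Seq != seq {
		return errors.New("sequence mismatch: treated as replay, discarded")
	}
	digest := sha256.Sum256(signedBytes(r.IP, r.MAC, r.Seq))
	if rsa.VerifyPKCS1v15(c.pub, crypto.SHA256, digest[:], r.Sig) != nil {
		return errors.New("signature check failed, discarded")
	}
	return nil
}

// ResolveArp is the semi-stateful lookup: only in-window replies count; one distinct MAC is
// cached; several are a conflict referred to the server; an unresolved conflict caches nothing.
func (c *Client) ResolveArp(ip string, replies []ArpReply) (string, error) {
	distinct, mac := map[string]bool{}, ""
	for _, r := range replies {
		if r.IP == ip && r.After >= 0 && r.After <= c.Window { // else gratuitous, late or unrelated
			distinct[r.MAC], mac = true, r.MAC
		}
	}
	switch len(distinct) {
	case 0:
		return "", errors.New("no reply within window")
	case 1:
		c.Cache[ip] = mac
		return mac, nil
	}
	var b [8]byte
	rand.Read(b[:]) // fresh random sequence number in [0, 2^63-1]
	seq := binary.BigEndian.Uint64(b[:]) >> 1
	resp, err := c.server.Resolve(ip, seq) // the ResolutionRequest
	if err == nil {
		err = c.VerifyResolution(resp, ip, seq)
	}
	if err != nil {
		return "", err // the frame is dropped rather than sent to an unverified MAC
	}
	c.Cache[ip] = resp.MAC
	return resp.MAC, nil
}

func main() {
	srv, err := NewDhcpServer(map[string]string{"10.0.0.2": "00:00:00:00:00:0b"}) // constructed lease
	if err != nil {
		panic(err)
	}
	c := &Client{Cache: map[string]string{}, Window: time.Second, pub: &srv.key.PublicKey, server: srv}
	mac, err := c.ResolveArp("10.0.0.2", []ArpReply{ // two in-window replies disagree about 10.0.0.2
		{IP: "10.0.0.2", MAC: "00:00:00:00:00:0b", After: 200 * time.Millisecond},
		{IP: "10.0.0.2", MAC: "00:00:00:00:00:0c", After: 300 * time.Millisecond},
	})
	fmt.Println(mac, err) // 00:00:00:00:00:0b <nil>
}
```

Two details are worth noting. The sequence number is bound into the signed bytes rather than merely echoed in the clear, so a replayed response fails the sequence check and a re-signed one cannot be produced without the server's private key. The window is modelled with arrival offsets rather than a live timer, which keeps the logic testable; the paper's implementation collects replies with a one-second Timer, and the same filtering applies.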
The driver class sets the stage for attack, and initiates an infinite loop of client-generated traffic. Each client contains an internal ProtocolStack class which handles transmission of frames, while the main thread infinitely loops in a ServerSocket.accept() / frame processing cycle. All frames extend an abstract Frame class. These include ConnectFrame, DataFrame, ArpReply, ArpResponse, DhcpRequest, DhcpResponse, ResolutionRequest, and ResolutionResponse. Classes only contain fields relevant to the simulation, and are not necessarily RFC-compliant.

Frames are transmitted over virtual wires, which I implement with real sockets. A SwitchPort class exists for each client connected to the Switch. When a client thread starts, it sends a ConnectFrame to the switch containing the IP and port of the real socket it listens on. The switch maintains a hash table of MAC/SwitchPort associations to enable delivery, analogous to a CAM table in a real switch. The virtual switch implements port security by checking the source MAC of all transmitted frames against the MAC used in the initial ConnectFrame.

Clients immediately request an address from the DHCP server. The server returns a free address along with its public key, storing the MAC/IP association in a hash table. Clients send an ArpRequest before transmitting to a host for the first time. A Timer object allows reception of ArpResponse objects for 1 second after the request is sent. If multiple replies are received in this window, a ResolutionRequest is sent to the DHCP server. A side effect of this window is a fixed delay for each ARP request, but it is necessary to prevent race conditions and can be fine-tuned to prevent noticeable delays. An entry in the ARP cache is made after a ResolutionResponse is received and its signature
verified. If a conflict is not resolved, the frame is dropped to prevent transmission to the attacker. Conflicts should always be resolvable if the DHCP server is available.

The DHCP server uses the java.security package to generate a 1024-byte RSA key pair. This key length is adequate for proof of concept. Digital signatures use SHA-1/RSA [11]. The DHCP server signs the data portion of all ResolutionResponse frames using its private key. The receiving client verifies the signature using the public key obtained from the DhcpResponse frame.

One client is configured as an attacker by the L2Auth driver. A client in attack mode selects two clients on the network and attempts to poison their ARP caches before performing a man-in-the-middle attack. Output for each client is logged to a file, to ease verification of the attack.

Using this solution, the attacker is no longer able to poison caches with gratuitous replies. In addition, forged replies transmitted within a client's ARP request window create recognizable conflicts, and a cryptographically verifiable conflict resolution prevents the attacker's forged reply from entering into a client's cache. This solution does not address the possibility of an attacker gaining physical access to a switch or performing a denial of service on a network client or DHCP server, both of which are outside the scope of Layer 2 authentication. Source code is available from [12].

5. Summary and Future Work

Measures against ARP spoofing are essential for securing a local area network. The first step in preventing ARP-based attacks is port security, without which any client can force a switch into broadcast mode and commence sniffing. A client cannot decide on its own which remote client to trust in the event that two ARP replies are received for the same ARP request. ARP is made semi-stateful by creating a window for accepting replies.
A modified DHCP server resolves any conflicts occurring within this window and signs all responses to prevent forging resolution replies. The public key used for verification is distributed alongside client address leases. The final result is the ability to authenticate a Layer 2/Layer 3 address mapping.

This approach is driven by the desire for a software-only solution which is as compatible as possible with existing standards. The implementation exists inside a Java-based virtual networking environment, written to speed development. Attacks based on ARP spoofing were successfully prevented in the simulation.

Future work involves implementation on a Linux or BSD system, and modification of an RFC3118-compliant DHCP server. Future work could address the problem in the switch hardware. Handling of ARP replies could be delegated to the switch by extending the CAM table to include IP addresses. External ARP replies could be dropped, making the switch the trusted authority for Layer 2/Layer 3 address mapping.

An alternative approach to using an ARP window involves consulting the DHCP server for all ARP requests, at the cost of increased load and dependence on the server. This eliminates the possibility of duplicate replies since only the server can produce a valid signature. This would also prevent an attacker from sending a forged reply to victim B unchallenged by performing a DoS on victim A.

A final idea for a simplified solution has clients use the source MAC from the frame header, and not the ARP header, to populate their cache. Since port security shuts down a port if the source MAC changes, an attacker could no longer poison caches. This approach could cause issues with certain networks, such as those using Proxy ARP [13].

Thanks to Sophie Engle for providing figures.

References

[1] D. Plummer, "RFC826: An Ethernet Address Resolution Protocol," IETF [Online document], Nov. 1982, Available HTTP:
[2]
[3] S. Whalen, "An Introduction to ARP Spoofing," Node99 [Online document], Apr. 2001, Available HTTP:
[4]
[5] A. Stemmer, "CAMs Enhance Network Performance," System Design [Online document], Jan. 98, Available HTTP: html
[6]
[7] exploits/macof.sniff.dos.switched.txt
[8] S. Convery, "Hacking Layer 2: Fun With Ethernet Switches," Blackhat [Online document], 2002, Available HTTP:
[9] K. Watson, "Solaris Operating Environment Network Settings for Security," Sun [Online document], Dec. 2000, Available HTTP:
[10] R. Droms, W. Arbaugh, "RFC3118: Authentication for DHCP Messages," IETF [Online document], Jun. 2001, Available HTTP:
[11] "FIPS PUB 180-1: Secure Hash Standard," NIST [Online document], Apr. 1995, Available HTTP:
[12]
[13] "Cisco Proxy ARP," Cisco [Online document], Mar. 2003, Available HTTP:
95 Chapter 7 TCP/IP Protocol Suite and IP Addressing This chapter presents an overview of the TCP/IP Protocol Suite. It starts with the history and future of TCP/IP, compares the TCP/IP protocol model
More informationSecuring Wireless Networks by By Joe Klemencic Mon. Apr
http://www.cymru.com/ Securing Wireless Networks by By Joe Klemencic (faz@home.com) Mon. Apr 30 2001 Many companies make attempts to embrace new technologies, but unfortunately, many of these new technologies
More informationExample: Configuring IP Source Guard with Other EX Series Switch Features to Mitigate Address-Spoofing Attacks on Untrusted Access Interfaces
Example: Configuring IP Source Guard with Other EX Series Switch Features to Mitigate Address-Spoofing Attacks on Untrusted Access Interfaces Requirements Ethernet LAN switches are vulnerable to attacks
More informationCYBER ATTACKS EXPLAINED: PACKET SPOOFING
CYBER ATTACKS EXPLAINED: PACKET SPOOFING Last month, we started this series to cover the important cyber attacks that impact critical IT infrastructure in organisations. The first was the denial-of-service
More informationStream Control Transmission Protocol - Wikipedia, the free encyclopedia
Page 1 of 9 Stream Control Transmission Protocol From Wikipedia, the free encyclopedia In the field of The five-layer TCP/IP model 5. Application layer DHCP DNS FTP Gopher HTTP IMAP4 IRC NNTP XMPP MIME
More informationExample: Configuring IP Source Guard on a Data VLAN That Shares an Interface with a Voice VLAN
Example: Configuring IP Source Guard on a Data VLAN That Shares an Interface with a Voice VLAN Requirements Ethernet LAN switches are vulnerable to attacks that involve spoofing (forging) of source IP
More informationCS Paul Krzyzanowski
The Internet Packet switching: store-and-forward routing across multiple physical networks... across multiple organizations Computer Security 11. Network Security ISP Paul Krzyzanowski Rutgers University
More informationNetworking interview questions
Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected
More informationFixed Internetworking Protocols and Networks. IP mobility. Rune Hylsberg Jacobsen Aarhus School of Engineering
Fixed Internetworking Protocols and Networks IP mobility Rune Hylsberg Jacobsen Aarhus School of Engineering rhj@iha.dk 1 2011 ITIFN Mobile computing Vision Seamless, ubiquitous network access for mobile
More informationSelected Network Security Technologies
Selected Network Security Technologies Petr Grygárek rek Agenda: Security in switched networks Control Plane Policing 1 Security in Switched Networks 2 Switch Port Security Static MAC addresses assigned
More informationConfiguring Dynamic ARP Inspection
Finding Feature Information, page 1 Restrictions for Dynamic ARP Inspection, page 1 Understanding Dynamic ARP Inspection, page 3 Default Dynamic ARP Inspection Configuration, page 6 Relative Priority of
More informationDNS Cache Poisoning Looking at CERT VU#800113
DNS Cache Poisoning Looking at CERT VU#800113 Nadhem J. AlFardan Consulting Systems Engineer Cisco Systems ANOTHER BORING DNS ISSUE Agenda DNS Poisoning - Introduction Looking at DNS Insufficient Socket
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationMan in the Middle Attacks and Secured Communications
FEBRUARY 2018 Abstract This document will discuss the interplay between Man in The Middle (MiTM/ MITM) attacks and the security technologies that are deployed to prevent them. The discussion will follow
More informationEnhance the Security and Performance of IP over Ethernet Networks by Reduction the Naming System Design
Enhance the Security and Performance of IP over Ethernet Networks by Reduction the Naming System Design Waleed Kh. Alzubaidi Information Technology Department University Tun Abdul Razak Selangor,46150,
More informationRuijie Anti-ARP Spoofing
White Paper Contents Introduction... 3 Technical Principle... 4 ARP...4 ARP Spoofing...5 Anti-ARP Spoofing Solutions... 7 Non-Network Device Solutions...7 Solutions...8 Application Cases of Anti-ARP Spoofing...11
More informationStream Control Transmission Protocol (SCTP)
Stream Control Transmission Protocol (SCTP) Definition Stream control transmission protocol (SCTP) is an end-to-end, connectionoriented protocol that transports data in independent sequenced streams. SCTP
More informationTable of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1
Table of Contents 1 IPv6 Configuration 1-1 IPv6 Overview 1-1 IPv6 Features 1-1 Introduction to IPv6 Address 1-2 Introduction to IPv6 Neighbor Discovery Protocol 1-5 Introduction to ND Snooping 1-7 Introduction
More informationIPv6 Associated Protocols. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011
IPv6 Associated Protocols Athanassios Liakopoulos (aliako@grnet.gr) 6DEPLOY IPv6 Training, Skopje, June 2011 Copy... Rights This slide set is the ownership of the 6DEPLOY project via its partners The Powerpoint
More informationMuhammad Farooq-i-Azam CHASE-2006 Lahore
Muhammad Farooq-i-Azam CHASE-2006 Lahore Overview Theory Existing Sniffers in action Switched Environment ARP Protocol and Exploitation Develop it yourself 2 Network Traffic Computers and network devices
More informationComputer Network Routing Challenges Associated to Tackle Resolution Protocol
Computer Network Routing Challenges Associated to Tackle Resolution Protocol Manju Bala IP College for Women, Department of Computer Science manjugpm@gmail.com Charvi Vats Dept. Of Comp. SC., IP College
More informationActual4Test. Actual4test - actual test exam dumps-pass for IT exams
Actual4Test http://www.actual4test.com Actual4test - actual test exam dumps-pass for IT exams Exam : 200-125 Title : CCNA Cisco Certified Network Associate CCNA (v3.0) Vendor : Cisco Version : DEMO Get
More informationDefeating All Man-in-the-Middle Attacks
Defeating All Man-in-the-Middle Attacks PrecisionAccess Vidder, Inc. Defeating All Man-in-the-Middle Attacks 1 Executive Summary The man-in-the-middle attack is a widely used and highly preferred type
More informationComputer Security. 11. Network Security. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 11. Network Security Paul Krzyzanowski Rutgers University Spring 2018 April 15, 2018 CS 419 2018 Paul Krzyzanowski 1 The Internet Packet switching: store-and-forward routing across multiple
More informationWireless Network Security
Wireless Network Security Why wireless? Wifi, which is short for wireless fi something, allows your computer to connect to the Internet using magic. -Motel 6 commercial 2 but it comes at a price Wireless
More informationSecure Neighbor Discovery. By- Pradeep Yalamanchili Parag Walimbe
Secure Neighbor Discovery By- Pradeep Yalamanchili Parag Walimbe Overview Neighbor Discovery Protocol (NDP) Main Functions of NDP Secure Neighbor Discovery (SEND) Overview Types of attacks. NDP Nodes on
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 4.1: Network Security Basics Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) 2 Network Security INTRODUCTION 3 What
More informationMonitoring the Device
The system includes dashboards and an Event Viewer that you can use to monitor the device and traffic that is passing through the device. Enable Logging to Obtain Traffic Statistics, page 1 Monitoring
More informationOperation Manual DHCP H3C S5500-SI Series Ethernet Switches. Table of Contents. Table of Contents
Table of Contents Table of Contents Chapter 1 DHCP Overview... 1-1 1.1 Introduction to DHCP... 1-1 1.2 DHCP Address Allocation... 1-1 1.2.1 Allocation Mechanisms... 1-1 1.2.2 Dynamic IP Address Allocation
More informationUnit C - Network Addressing Objectives Purpose of an IP Address and Subnet Mask Purpose of an IP Address and Subnet Mask
1 2 3 4 5 6 7 8 9 10 Unit C - Network Addressing Objectives Describe the purpose of an IP address and Subnet Mask and how they are used on the Internet. Describe the types of IP Addresses available. Describe
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationSECURE ROUTER DISCOVERY MECHANISM TO OVERCOME MAN-IN THE MIDDLE ATTACK IN IPV6 NETWORK
1 SECURE ROUTER DISCOVERY MECHANISM TO OVERCOME MAN-IN THE MIDDLE ATTACK IN IPV6 NETWORK Navaneethan C. Arjuman nava@nav6.usm.my National Advanced IPv6 Centre, Universiti Sains Malaysia March 2018 Copyright
More informationConfiguring IPv4. Finding Feature Information. This chapter contains the following sections:
This chapter contains the following sections: Finding Feature Information, page 1 Information About IPv4, page 2 Virtualization Support for IPv4, page 6 Licensing Requirements for IPv4, page 6 Prerequisites
More informationPLEASE READ CAREFULLY BEFORE YOU START
Page 1 of 11 MIDTERM EXAMINATION #1 OCT. 16, 2013 COMPUTER NETWORKS : 03-60-367-01 U N I V E R S I T Y O F W I N D S O R S C H O O L O F C O M P U T E R S C I E N C E Fall 2013-75 minutes This examination
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationIntroduction to DHCP. DHCP Overview
Table of Contents Introduction to DHCP 1 DHCP Overview 1 DHCP Address Allocation 2 Allocation Mechanisms 2 Dynamic IP Address Allocation Process 2 DHCP Message Format 3 Protocols and Standards 4 DHCP Server
More informationInternet Engineering Task Force (IETF) Category: Standards Track. J. Halpern Ericsson E. Levy-Abegnoli, Ed. Cisco February 2017
Internet Engineering Task Force (IETF) Request for Comments: 8074 Category: Standards Track ISSN: 2070-1721 J. Bi Tsinghua University G. Yao Tsinghua University/Baidu J. Halpern Ericsson E. Levy-Abegnoli,
More information