Presentation is loading. Please wait.

Presentation is loading. Please wait.

MAN-IN-THE-MIDDLE ATTACK STEGANOGRAPHY Lab#7. 5-2 MAC Addresses and ARP  32-bit IP address:  network-layer address  used to get datagram to destination.

Published bySharyl Benson Modified over 7 years ago

Similar presentations

Presentation on theme: "MAN-IN-THE-MIDDLE ATTACK STEGANOGRAPHY Lab#7. 5-2 MAC Addresses and ARP  32-bit IP address:  network-layer address  used to get datagram to destination."— Presentation transcript:

1 MAN-IN-THE-MIDDLE ATTACK STEGANOGRAPHY Lab#7

2 5-2 MAC Addresses and ARP  32-bit IP address:  network-layer address  used to get datagram to destination IP subnet  MAC (or LAN or physical or Ethernet) address:  Data link layer address  used to get datagram from one interface to another physically-connected interface (same network)  48 bit MAC address (for most LANs) burned in the adapter ROM  Some Network interface cards (NICs) can change their MAC

3 5-3 ARP: Address Resolution Protocol  Each IP node (Host, Router) on LAN has ARP table  ARP Table: IP/MAC address mappings for some LAN nodes  TTL (Time To Live): time after which address mapping will be forgotten (typically 20 min) Question: how to determine MAC address of host B when knowing B’s IP address? 1A-2F-BB-76-09-AD 58-23-D7-FA-20-B0 0C-C4-11-6F-E3-98 71-65-F7-2B-08-53 LAN 237.196.7.23 237.196.7.78 237.196.7.14 237.196.7.88

4 ARP  ARP works by broadcasting requests and caching responses for future use  The protocol begins with a computer broadcasting a message of the form who has tell  When the machine with or an ARP server receives this message, its broadcasts the response is  The requestor’s IP address is contained in the link header  The Linux and Windows command arp - a displays the ARP table Internet Address Physical Address Type 128.148.31.1 00-00-0c-07-ac-00 dynamic 128.148.31.15 00-0c-76-b2-d7-1d dynamic 128.148.31.71 00-0c-76-b2-d0-d2 dynamic 128.148.31.75 00-0c-76-b2-d7-1d dynamic 128.148.31.102 00-22-0c-a3-e4-00 dynamic 128.148.31.137 00-1d-92-b6-f1-a9 dynamic

5 ARP Spoofing  The ARP table is updated whenever an ARP response is received  Requests are not tracked  ARP announcements are not authenticated  Machines trust each other  A rogue machine can spoof other machines

6 ARP Poisoning (ARP Spoofing)  According to the standard, almost all ARP implementations are stateless  An arp cache updates every time that it receives an arp reply… even if it did not send any arp request!  It is possible to “poison” an arp cache by sending gratuitous arp replies

7 ARP Caches IP: 192.168.1.1 MAC: 00:11:22:33:44:01 IP: 192.168.1.105 MAC: 00:11:22:33:44:02 ARP Cache 192.168.1.10500:11:22:33:44:02 ARP Cache 192.168.1.100:11:22:33:44:01 Data 192.168.1.1 is at 00:11:22:33:44:01 192.168.1.105 is at 00:11:22:33:44:02

8 Poisoned ARP Caches (man-in-the-middle attack) 192.168.1.105 is at 00:11:22:33:44:03 Poisoned ARP Cache 192.168.1.100:11:22:33:44:03 Poisoned ARP Cache 192.168.1.10500:11:22:33:44:03 Data 192.168.1.1 is at 00:11:22:33:44:03 192.168.1.1 00:11:22:33:44:01 192.168.1.105 00:11:22:33:44:02 192.168.1.106 00:11:22:33:44:03

9 ARP Spoofing  Using static entries solves the problem but it is almost impossible to manage!  Check multiple occurrence of the same MAC  i.e., One MAC mapping to multiple IP addresses (see previous slide’s example)  Software detection solutions  Anti-arpspoof, Xarp, Arpwatch

10 Ettercap  Ettercap is a freely available program that can be used to exploit the weakness of the ARP protocol.  While it can be used by attackers to launch MITM attacks, it can also be used to monitor the network  and detect if there are poisoners on the network.

11 Lab objectives  At the end of this lab, you’ll be able to Define ARP poisoning and man-in-the-middle attacks.  Explain how Ettercap can be used to execute an MITM attack.  Describe the attack signature of an MITM attack.

12 Steganography

13  The term steganography comes from the Greek word steganos, which means “hidden” or “covered.”  Steganography is the hiding of information. Unlike cryptography, the information is not scrambled or encoded—it is simply hidden.  On a computer system, steganography will hide one file inside another.  Most often a text file will be hidden in an image or an MP3 file. This ability to hide information, sometimes in plain sight, poses a significant threat to the confidentiality of information.  In this lab, you will create a text file with sensitive information and hide it in an image file, and then post it to a web site.

14 Lab objectives  Explain what steganography is.  Describe the process of hiding information.

15 DNS Spoofing

16 Domain names  The existing internet domain name space, however, is a structural system divided into seven top-level domains:  Com: commercial organizations.  Edu: Educational organizations.  Gov : Government organizations  Mil : Military organizations  Net : Networking organizations  Org : noncommercial organizations

17 Domain zones  The domain name space structure is said to be similar to a tree, as the top level domains are divided into other sub-domains each domain consists of several zones  Name servers generally have complete information about some part of the domain name space, called a zone, which they load from a file or from another name server. The name server is then said to have authority for that zone.

18 Domain names and zones

19 DNS  Translation of a domain name into an equivalent IP address is called name resolution and it is the main purpose of the DNS protocol.  A host asking for DNS name resolution is called a resolver.  if the requested host name is contained by the name server’s database, the server is said to be an authority for that host.  When an incoming request specifies a name for which a server is an authority, the server answers the request directly by looking for the name in its local database.

20

21 Recursive vs. iterative  if the name was out of the server authority two approaches are used to dealing with this problem.  ‘recursive’ in which the server pursues the query for the client at another server,  ‘iterative’ in which the server refers the client to another server and let the client pursue the query.

22

23 Type  Each question has a query type and a query ID, and each response has an answer type.  The most common query type is an A type. which names that an IP address is desired for the requeried name?  The NS name is made to find out the authoritive name server for a domain.  AXFR type request from the secondary DNS to a primary to update the secondary database.

24 DNS Caching  Caching is expected to improve the overall responsiveness of the system by ensuring that answers to questions are known and stored locally and that the query load placed on the authoritative servers is minimized.  So the next time you are requesting the same domain.com address, it instantly returns the answer, without having to contact your ISP's DNS server to ask it for the translation

25 DNS Forwarding  Forwarding  Even a caching name server does not necessarily perform the complete recursive lookup itself, Instead it can forward some or all of the queries that are cannot satisfy from its cache to another caching name server, commonly referred to as a forwarde

26  http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/SYNFloodDemo/SFattack.swf http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/SYNFloodDemo/SFattack.swf  http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/SYNFloodDemo/Prevent.swf http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/SYNFloodDemo/Prevent.swf  http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/SYNFloodDemo/Mainmenu.swf http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/SYNFloodDemo/Mainmenu.swf  http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/packet_sniffer/packet_sniffer_de mo.html http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/packet_sniffer/packet_sniffer_de mo.html  http://scisweb.ulster.ac.uk/~kevin/com320/labs/wireshark/lab-DNS.pdf http://scisweb.ulster.ac.uk/~kevin/com320/labs/wireshark/lab-DNS.pdf  http://users.ece.gatech.edu/owen/Academic/ECE4112/Spring2004/lab3.pdf http://users.ece.gatech.edu/owen/Academic/ECE4112/Spring2004/lab3.pdf  http://www.dev-point.com/vb/t302098.html http://www.dev-point.com/vb/t302098.html  http://www.cisco.com/c/dam/en/us/products/collateral/interfaces-modules/services- modules/prod_presentation0900aecd805c756c.pdf http://www.cisco.com/c/dam/en/us/products/collateral/interfaces-modules/services- modules/prod_presentation0900aecd805c756c.pdf  http://www.macs.hw.ac.uk/~hwloidl/Courses/F21CN/Labs/CryptoI/Crypto_Encryption.pdf http://www.macs.hw.ac.uk/~hwloidl/Courses/F21CN/Labs/CryptoI/Crypto_Encryption.pdf  http://blog.pluralsight.com/videos/ethical-hacking-how-to-create-a-dos-attack http://blog.pluralsight.com/videos/ethical-hacking-how-to-create-a-dos-attack

Download ppt "MAN-IN-THE-MIDDLE ATTACK STEGANOGRAPHY Lab#7. 5-2 MAC Addresses and ARP  32-bit IP address:  network-layer address  used to get datagram to destination."

Similar presentations

Communication Networks (0368-3030) / Spring 2011 The Blavatnik School of Computer Science, Tel-Aviv University Allon Wagner.

Communication Networks ( ) / Spring 2011 The Blavatnik School of Computer Science, Tel-Aviv University Allon Wagner.
1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.

1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.
Chapter 5 Link Layer Computer Networking: A Top Down Approach 6th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.

Chapter 5 Link Layer Computer Networking: A Top Down Approach 6th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.

Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn 2004-2005.

Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Application Layer At long last we can ask the question - how does the user interface with the network?

Application Layer At long last we can ask the question - how does the user interface with the network?
Domain Name System: DNS

Domain Name System: DNS
16 – CSMA/CD - ARP Network Layer4-1. 5: DataLink Layer5-2 CSMA (Carrier Sense Multiple Access) CSMA: listen before transmit: If channel sensed idle: transmit.

16 – CSMA/CD - ARP Network Layer4-1. 5: DataLink Layer5-2 CSMA (Carrier Sense Multiple Access) CSMA: listen before transmit: If channel sensed idle: transmit.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
IP Address Allocation, Resolution CIS 81 and CST 311 Rick Graziani Cabrillo College Spring 2006.

IP Address Allocation, Resolution CIS 81 and CST 311 Rick Graziani Cabrillo College Spring 2006.
IP Address 0 network host 10 network host 110 networkhost 1110 multicast address A B C D class 1.0.0.0 to 127.255.255.255 128.0.0.0 to 191.255.255.255.

IP Address 0 network host 10 network host 110 networkhost 1110 multicast address A B C D class to to
TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.

TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.
DNS. Outline r Domain Name System r DNS Hierarchy r Resolution.

DNS. Outline r Domain Name System r DNS Hierarchy r Resolution.
Chapter 25 Domain Name System

Chapter 25 Domain Name System
11.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,

11.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,
NET0183 Networks and Communications Lecture 25 DNS Domain Name System 8/25/20091 NET0183 Networks and Communications by Dr Andy Brooks.

NET0183 Networks and Communications Lecture 25 DNS Domain Name System 8/25/20091 NET0183 Networks and Communications by Dr Andy Brooks.
CS 4396 Computer Networks Lab

CS 4396 Computer Networks Lab

Similar presentations

Ads by Google