Skip to main content
arp spoofing

Arp Spoofing Attacks and how to avoid them

A network switch doesn’t forward packets to everyone in the network the same way as a network hub do, and so theoretically a person in the network cannot look at other person’s traffic.
Right???   Wrong!!!!!!!

There are ways to get through this «problem» One of them is by performing arp spoofing.

 

What is an Arp Spoofing?

ARP spoofing  is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network.

TIP: How arp protocol works

In our Lab experiment we are using the Raspberry Pi 3 to play the role of the attacker.

 

For those who don’t know what is the Raspberry Pi 3

The Raspberry PI 3 is a small factor and portable PC (56,5 mm x 85,6 mm). It can be operate with a power bank for over 2 hours and uses microSD. Finally it can be connected to a network with a cable or wireless.

 

 

 

 

 

On our «little toy» we use KALI LINUX as an Operating System.

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. It contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

 

But enough with the theory.
Lets dive in to explain how easy it is for anyone to intercept sensitive information.
Furthermore why we must always use websites and services that have SSL/TLS encryption .

The IP of the victim PC is 192.168.32.203 and our router’s IP is 192.168.32.1. We open two shells on kali and run simultaneously the below commands.

arpspoof -t 192.168.32.203 192.168.32.1
arpspoof -t 192.168.32.1 192.168.32.203

– The first command tells the victim that we are the router (Raspberry).
– The second command tells the router that we are the victim.
Doing so all the traffic from the victim pc heading to the router and vice-versa will go through our station.

 

 

 

 

 

 

 

 

The next step is to run the command tcpdump -w tomas_arp_test.pcap. With the specific command we will capture all the traffic between the pc and the router and write it in a file so we can process it later with wireshark.

With this in place we open a browser on the pc and try to login and then fill out a contact form on unsecured web pages .

1.

2.

In screenshot 1 we try to login to a website and in screenshot 2 we fill out a contact form.

Now we take our pcap file and open it with wireshark and voila….

Our username: info@tpolemis.com and our password: qwerty12345

And here are our private data that we typed in the contact form.

So whats the verdict thomas?

  1. Always use security suites and not just an antivirus. This kind of products can detect attacks like the one i show you and protect you.
  2. Never type your sensitive data on sites that do not use some kind of encryption. Always check for the green lock in the top left corner of your browser.
  3.  Watch the Snowden movie. 😉 😉 😉 😉

See u out there………

 

 

Thomas Polemis

System @ Network Administrator | Azure Infrastructure Solutions Specialist

Αφήστε μια απάντηση

Η ηλ. διεύθυνσή σας δεν δημοσιεύεται.