MAN-IN-THE-MIDDLE ATTACK STEGANOGRAPHY Lab#7

Presentation transcript:

MAN-IN-THE-MIDDLE ATTACK STEGANOGRAPHY Lab#7

MAC Addresses and ARP
• 32-bit IP address:
  • network-layer address
  • used to get datagram to destination IP subnet
• MAC (or LAN or physical or Ethernet) address:
  • Data link layer address
  • used to get datagram from one interface to another physically-connected interface (same network)
  • 48 bit MAC address (for most LANs) burned in the adapter ROM
  • Some Network interface cards (NICs) can change their MAC

ARP: Address Resolution Protocol
• Each IP node (Host, Router) on LAN has ARP table
• ARP Table: IP/MAC address mappings for some LAN nodes
• TTL (Time To Live): time after which address mapping will be forgotten (typically 20 min)
Question: how to determine MAC address of host B when knowing B’s IP address?
[Figure: hosts on a LAN, each labelled with its MAC address]

ARP
• ARP works by broadcasting requests and caching responses for future use
• The protocol begins with a computer broadcasting a message of the form who has tell
• When the machine with or an ARP server receives this message, it broadcasts the response is
• The requestor’s IP address is contained in the link header
• The Linux and Windows command arp -a displays the ARP table
[Sample arp -a output: table with columns Internet Address, Physical Address, Type; all entries of type dynamic]

ARP Spoofing
• The ARP table is updated whenever an ARP response is received
• Requests are not tracked
• ARP announcements are not authenticated
• Machines trust each other
• A rogue machine can spoof other machines

ARP Poisoning (ARP Spoofing)
• According to the standard, almost all ARP implementations are stateless
• An ARP cache updates every time that it receives an ARP reply… even if it did not send any ARP request!
• It is possible to “poison” an ARP cache by sending gratuitous ARP replies

ARP Caches
[Figure: two hosts with MACs 00:11:22:33:44:01 and 00:11:22:33:44:02; each host's ARP cache maps the other host's IP to that host's MAC, and data flows directly between them]

Poisoned ARP Caches (man-in-the-middle attack)
[Figure: both hosts' poisoned ARP caches map the other host's IP to 00:11:22:33:44:03, so data between them passes through the machine with that MAC]

ARP Spoofing
• Using static entries solves the problem, but it is almost impossible to manage!
• Check for multiple occurrences of the same MAC
  • i.e., one MAC mapping to multiple IP addresses (see previous slide’s example)
• Software detection solutions
  • Anti-arpspoof, Xarp, Arpwatch
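The check named on this slide (one MAC mapping to multiple IP addresses), as an added example that is not part of the original slides: it parses `arp -a` output in either the Windows or the Linux layout and reports every unicast MAC claimed by more than one IP. The IP addresses and the MAC ending in :05 are constructed sample values, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Matches an IPv4 address followed, on the same line, by a MAC written
# with ':' (Linux "arp -a") or '-' (Windows "arp -a").
ENTRY = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\b"
)

def parse_arp_table(text):
    """Return {mac: set(ips)} for unicast entries in `arp -a` output."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # header, blank or "<incomplete>" line
        ip, mac = m.group(1), m.group(2).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:
            continue  # broadcast/multicast MACs legitimately repeat
        table[mac].add(ip)
    return table

def shared_macs(text):
    """MACs claimed by more than one IP: the cue the slide describes."""
    return {mac: sorted(ips) for mac, ips in parse_arp_table(text).items()
            if len(ips) > 1}

# Constructed samples: addresses are invented for illustration.
WINDOWS_SAMPLE = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-03     dynamic
  192.168.1.10          00-11-22-33-44-03     dynamic
  192.168.1.30          00-11-22-33-44-05     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""
LINUX_SAMPLE = """\
? (192.168.1.1) at 00:11:22:33:44:01 [ether] on eth0
? (192.168.1.10) at 00:11:22:33:44:02 [ether] on eth0
? (192.168.1.40) at <incomplete> on eth0
"""

if __name__ == "__main__":
    for name, sample in (("windows", WINDOWS_SAMPLE), ("linux", LINUX_SAMPLE)):
        print(name, shared_macs(sample) or "no shared MACs")
```

A router or multi-homed host can answer for several IPs legitimately, so a hit is a lead to verify against the known inventory.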

Ettercap
• Ettercap is a freely available program that can be used to exploit the weakness of the ARP protocol.
• While it can be used by attackers to launch MITM attacks, it can also be used to monitor the network and detect if there are poisoners on the network.

Lab objectives
At the end of this lab, you’ll be able to:
• Define ARP poisoning and man-in-the-middle attacks.
• Explain how Ettercap can be used to execute an MITM attack.
• Describe the attack signature of an MITM attack.

Steganography

• The term steganography comes from the Greek word steganos, which means “hidden” or “covered.”
• Steganography is the hiding of information. Unlike cryptography, the information is not scrambled or encoded; it is simply hidden.
• On a computer system, steganography will hide one file inside another.
• Most often a text file will be hidden in an image or an MP3 file. This ability to hide information, sometimes in plain sight, poses a significant threat to the confidentiality of information.
• In this lab, you will create a text file with sensitive information and hide it in an image file, and then post it to a web site.

Lab objectives
• Explain what steganography is.
• Describe the process of hiding information.

DNS Spoofing

Domain names
The existing internet domain name space, however, is a structural system divided into seven top-level domains:
• Com: commercial organizations
• Edu: educational organizations
• Gov: government organizations
• Mil: military organizations
• Net: networking organizations
• Org: noncommercial organizations

Domain zones
• The domain name space structure is said to be similar to a tree: the top-level domains are divided into sub-domains, and each domain consists of several zones.
• Name servers generally have complete information about some part of the domain name space, called a zone, which they load from a file or from another name server. The name server is then said to have authority for that zone.

Domain names and zones

DNS
• Translation of a domain name into an equivalent IP address is called name resolution, and it is the main purpose of the DNS protocol.
• A host asking for DNS name resolution is called a resolver.
• If the requested host name is contained in the name server’s database, the server is said to be an authority for that host.
• When an incoming request specifies a name for which a server is an authority, the server answers the request directly by looking for the name in its local database.

Recursive vs. iterative
If the name is outside the server’s authority, two approaches are used to deal with this problem:
• ‘recursive’, in which the server pursues the query for the client at another server,
• ‘iterative’, in which the server refers the client to another server and lets the client pursue the query.

Type
• Each question has a query type and a query ID, and each response has an answer type.
• The most common query type is the A type, which means that an IP address is desired for the queried name.
• The NS query is made to find out the authoritative name server for a domain.
• An AXFR-type request is sent from a secondary DNS server to a primary to update the secondary’s database.

DNS Caching
• Caching is expected to improve the overall responsiveness of the system by ensuring that answers to questions are known and stored locally and that the query load placed on the authoritative servers is minimized.
• So the next time you request the same domain.com address, it instantly returns the answer, without having to contact your ISP's DNS server to ask it for the translation.

DNS Forwarding
• Even a caching name server does not necessarily perform the complete recursive lookup itself. Instead, it can forward some or all of the queries that it cannot satisfy from its cache to another caching name server, commonly referred to as a forwarder.
