CS4622: Computer Networking


CS4622: Computer Networking Group 3: Network Security Ayham Hmemes Hamilton Bradford Janelle Bright Jonathan Reagan Peter Wang

ARP POISONING

A BRIEF OVERVIEW: ARP
- ARP maps the logical address to the physical address (given the logical address, find the physical one).
- Keep in mind that the Tx doesn't know the physical address of the Rx, and the IP address alone IS NOT enough info to tell the Tx where the Rx is located. This is the problem ARP solves.
- The Tx broadcasts an ARP query packet to all stations on the network. The packet contains the Tx's physical and IP addresses and the IP address it's seeking a physical address for.
- All stations on the network receive the query packet; however, only the station with that IP responds.
- The responding Rx sends back its physical address (in unicast form) to the Tx.
- Now the Tx can unicast the actual data to the Rx.

Computer 1 → Computer 2
Computer 1 → Computer 3

The ARP table for computer 1 will have:

IP address | MAC address
Computer 2 IP address | Computer 2 MAC address
Computer 3 IP address | Computer 3 MAC address

Computer 1 will be able to communicate with computers 2 and 3, because it now has both the IP and the MAC address for each of them.

ARP POISONING:
We will send fake ARP requests to the target, linking our MAC address with the IP address of the gateway (router). So the victim's ARP table will look like:

IP address | MAC address
Router's IP address | Our (hacker) MAC address

So now all the traffic that the victim sends to the Wi-Fi router will be directed to us, not to the gateway.

Let's see this visually:
[Figure labels: fake ARP requests; data; redirect the received data after spying on or modifying it]

TIPS TO PREVENT ARP SPOOFING
If your network has been compromised by ARP spoofing, there are some methods you can try to prevent further damage or privacy breaches.

Use Anti-ARP Tools
If you have any idea of what type of ARP spoofing tool the attacker is using, find a tool that can counter it. Using static ARP is one of the many methods to prevent ARP spoofing attacks. However, static ARP can only prevent simple ARP attacks, and cannot be relied upon as a failsafe ARP spoofing defense.

Use ARP-Spoofing Proof Switches
Most modern switches come with a built-in ARP spoofing protection feature. You can use these switches to protect your network or computer from ARP spoofing attacks and ensure the protection of your privacy.

Use Virtual Private Networks
One of the best ways to protect your computer from ARP spoofing attacks is by using a VPN. A VPN allows you to do online activities through an encrypted tunnel. Not only is the mode of transmission encrypted, but also the data that goes through it. So, even if your network is compromised by ARP spoofing, your privacy, data or conversations will remain secure because the attacker won't be able to decrypt the 256-bit encrypted data.
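A detection check to go with these tips, as an added example that is not part of the original slides: it scans (IP, MAC) sightings for the poisoned table shown earlier, where the router's IP address is paired with someone else's MAC address. The function name, finding labels and sample addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (IP, MAC) pairs as read from ARP traffic or repeated
# ARP-table snapshots. Addresses are documentation/locally administered values.
SAMPLE_SIGHTINGS = [
    ("192.0.2.1", "02:00:00:00:00:01"),   # gateway, as recorded when trusted
    ("192.0.2.20", "02:00:00:00:00:20"),
    ("192.0.2.66", "02:00:00:00:00:66"),
    ("192.0.2.1", "02:00:00:00:00:66"),   # gateway IP now maps to another host's MAC
]

def find_arp_anomalies(sightings, gateway_ip, trusted_gateway_mac):
    """Return (kind, ip, detail) findings for a sequence of (ip, mac) sightings."""
    findings = []
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    trusted = trusted_gateway_mac.lower()
    for ip, mac in sightings:
        mac = mac.lower()
        # The poisoned table from the slides: router IP paired with a foreign MAC.
        if ip == gateway_ip and mac != trusted:
            findings.append(("gateway-mismatch", ip, mac))
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            findings.append(("mac-changed", ip, f"{previous} -> {mac}"))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    # One MAC answering for several IPs is how an interceptor shows up,
    # but also how proxy ARP looks, so treat it as a lead, not proof.
    for mac, ips in sorted(mac_to_ips.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE_SIGHTINGS, "192.0.2.1", "02:00:00:00:00:01"):
        print(finding)
```

The trusted gateway MAC has to be recorded while the network is known to be clean, which is the same assumption a static ARP entry makes.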

NON-MALICIOUS USE

Proxy ARP [1]
Proxy ARP allows multiple physical networks to act as though they were on the same subnet.

Network Debugging
In the same way an attacker would use ARP poisoning, it can be used to analyze packets being sent across a network.

Firewalls
Firewalls can filter packets before they reach the network.

[1] https://www.itworld.com/article/2794563/data-center/arp-networking-tricks.html

DNS SPOOFING

A BRIEF OVERVIEW
- DNS resolves symbolic domain names to IP addresses
- Security was not considered during the design of DNS

DNS SPOOFING [1]
- Because DNS responses are predictable, the only thing an attacker needs to guess is the Transaction ID (generally 16 bits)
- The Kaminsky exploit builds on this and compromises a domain by attacking an authoritative server
- Once successful, the attack remains in effect until the response TTL expires

[1] https://www.cs.cornell.edu/~shmat/shmat_securecomm10.pdf

MAN IN THE MIDDLE
- Targets local networks instead of a vulnerable DNS resolver
- Uses ARP spoofing to intercept DNS requests to/from the target and change them

TIPS TO PREVENT DNS SPOOFING
- DNS encryption
- DNSSEC
- Port randomization
- Increasing expiry time for legitimate DNS requests in the cache
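What a resolver can check before it accepts a response, and how port randomization enlarges what has to be guessed beyond the 16-bit Transaction ID, shown as an added example that is not part of the original slides. The PendingQuery class, its method names and the sample addresses are hypothetical.

```python
import secrets
import struct

def encode_question(name, qtype=1, qclass=1):
    """Encode a question section: length-prefixed labels, then QTYPE and QCLASS."""
    parts = name.rstrip(".").split(".")
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return labels + b"\x00" + struct.pack("!HH", qtype, qclass)

class PendingQuery:
    """State kept for one outstanding UDP query (hypothetical class)."""

    def __init__(self, name, server_addr, randomize_port=True):
        self.randomize_port = randomize_port
        self.txid = secrets.randbits(16)          # 16-bit Transaction ID
        # A fixed source port models a resolver without port randomization.
        self.src_port = 1024 + secrets.randbelow(64512) if randomize_port else 53
        self.server_addr = server_addr
        self.question = encode_question(name)
        # Header: ID, flags (RD set), QDCOUNT=1, then three zero counts.
        self.packet = struct.pack("!HHHHHH", self.txid, 0x0100, 1, 0, 0, 0) + self.question

    def guess_space(self):
        """Combinations a sender who cannot see the query has to guess."""
        return 65536 * (64512 if self.randomize_port else 1)

    def accepts(self, data, from_addr, to_port):
        """Accept only a response that matches everything that was sent."""
        if from_addr != self.server_addr or to_port != self.src_port or len(data) < 12:
            return False
        txid, flags, qdcount = struct.unpack("!HHH", data[:6])
        is_response = bool(flags & 0x8000)        # QR bit
        echoed = data[12:12 + len(self.question)]
        return is_response and txid == self.txid and qdcount == 1 and echoed == self.question

def make_response(txid, question):
    """Constructed response (QR and RA set) echoing the question, no answers."""
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0) + question

if __name__ == "__main__":
    q = PendingQuery("example.com", ("192.0.2.53", 53))
    print(q.guess_space(), q.accepts(make_response(q.txid, q.question), ("192.0.2.53", 53), q.src_port))
```

Neither value helps against the man-in-the-middle case above, where the interceptor sees the query itself; that is the gap DNSSEC and DNS encryption address.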

SQL INJECTION

A BRIEF OVERVIEW: SQL
- Programming language used primarily for databases
- Created in 1986
- Most in-demand programming language for 2017
- Companies such as Google, Facebook, and Twitter use SQL
- Notorious for its major security flaws

A BRIEF OVERVIEW: SQL Injection
- One of the most common hacking techniques
- Injects malicious code in order to manipulate databases
- An SQL injection can either insert or delete data in the database

WHAT IS SQL INJECTION

TIPS TO PREVENT SQL INJECTION
Prevention is quite simple:
- mysql_real_escape_string("...")
- Prepared statements
- Various scripts and guides exist to check for SQL injection vulnerabilities
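The difference a prepared statement makes, as an added example that is not part of the original slides: the same lookup written with string concatenation and with placeholders. It assumes Python's built-in sqlite3 module in place of the PHP/MySQL stack the slide refers to; the table, function names and sample values are constructed.

```python
import sqlite3

# Constructed input: a quote that ends the string literal, then a condition
# that is always true.
CRAFTED_PASSWORD = "' OR '1'='1"

def make_db():
    """In-memory database with two constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "constructed-pw-1"), ("bob", "constructed-pw-2")])
    return db

def login_vulnerable(db, name, password):
    # Input is pasted into the SQL text, so quotes in it become SQL syntax.
    query = ("SELECT name FROM users WHERE name = '" + name +
             "' AND password = '" + password + "' ORDER BY name")
    return [row[0] for row in db.execute(query)]

def login_prepared(db, name, password):
    # Placeholders keep the input as data; the statement text never changes.
    query = "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY name"
    return [row[0] for row in db.execute(query, (name, password))]

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", login_vulnerable(db, "alice", CRAFTED_PASSWORD))
    print("prepared:    ", login_prepared(db, "alice", CRAFTED_PASSWORD))
```

With the concatenated query the crafted value matches every row, while the prepared statement compares it against the stored password as an ordinary string and matches none.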

SOURCES
- https://www.itworld.com/article/2794563/data-center/arp-networking-tricks.html
- https://www.cs.cornell.edu/~shmat/shmat_securecomm10.pdf
- https://secure.php.net/manual/en/pdo.prepared-statements.php
- https://secure.php.net/manual/en/security.database.sql-injection.php
- https://www.w3schools.com/sql/sql_injection.asp
- https://www.acunetix.com/websitesecurity/sql-injection/
- https://www.netacad.com/
- https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_arp_poisoning.htm