Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Presentation transcript:

Unit Outline: Information Security Risks, Part I
Module 1: Denial of Service Attacks
Module 2: Network Intrusions – Spoofing
Module 3: Network Intrusions – Session Hijacking, ARP Poisoning, etc.
Module 4: Software Vulnerabilities
Module 5: Malicious Code
Module 6: Summary

Module 3 Network Intrusion (Others)

Network Attacks: Learning Objectives
Students should be able to:
  – Recognize different mechanisms for ARP Poisoning and Session Hijacking.
  – Identify vulnerabilities associated with these types of attacks.
  – Decide upon defenses to protect against these attacks.

Network Attacks: ARP
Each node connected to the Ethernet LAN has two addresses: MAC address & IP address.
MAC address is hardwired into the specific network interface card (NIC) of the node.
  – MAC addresses are globally unique and with this address the Ethernet protocol sends the data back and forth.
  – Ethernet builds data frames that contain the MAC address of the source and destination computer.
IP address is a virtual address and is assigned by software.
  – IP communicates by constructing packets which are different from frame structure.
  – These packets are delivered by the network layer (Ethernet) that splits the packets into frames, adds an Ethernet header and sends them to a network component.

Network Attacks: ARP
IP and Ethernet work together. Packets are sent over Ethernets.
  – Ethernet devices do not understand the 32-bit IPv4 addresses.
  – They transmit Ethernet packets with 48-bit Ethernet addresses.
An Ethernet frame is built from an IP packet, but for the construction of the Ethernet frame the MAC address of the destination computer is required.
An IP driver must translate an IP destination address into an Ethernet destination address.
  – The Address Resolution Protocol (ARP) is used to determine these mappings.
  – For efficiency the ARP allows the address translation to be cached in the routers.

Network Attacks: ARP
There is considerable risk here if untrusted nodes have write access to the local net.
Such a machine could emit phony ARP queries or replies and divert all traffic to itself; it could then either impersonate some machines or simply modify the data streams en passant.
This is called ARP spoofing.

Network Attacks: ARP Poisoning
In ARP poisoning the hacker updates the target computer’s ARP cache with forged ARP request and reply packets in an effort to change the MAC address to one that the attacker can monitor.
  – Since ARP replies are forged, the target computer sends frames that were meant for the original destination to the attacker’s computer first so the frames can be read.
A successful ARP attempt is invisible to the user.

Network Attacks: ARP Poisoning
Static ARP table entries
  – Scalability Issues
      – Critical Machines Only
      – Separation of Servers and Workstations
  – Permanent not always permanent
      – RFC compliance
Network Segmentation
  – Economic Factors
  – Added Complexity
Attack Detection
  – Packet Anomalies
  – ARP Traffic Anomalies
      – Ethernet Fields/ARP fields do not match
      – Monitor for ARP Reply/Request matches
      – Monitor ARP traffic for abnormally high percentages of certain MAC addresses
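The three detection checks listed on this slide, written out as an added Python example (not part of the original slides). It parses raw Ethernet/ARP frames offline; the function names, the 50% share threshold and the sample frames are assumptions constructed for illustration.

```python
import socket
import struct
from collections import Counter

ARP_IPV4_HDR = bytes.fromhex("0806000108000604")  # EtherType ARP, htype 1, IPv4, hlen 6, plen 4

def parse_arp(raw):
    """Decode an Ethernet II frame carrying IPv4 ARP (RFC 826); None if it is not one."""
    if len(raw) < 42 or raw[12:20] != ARP_IPV4_HDR:
        return None
    op, sha, spa, _tha, tpa = struct.unpack("!H6s4s6s4s", raw[20:42])
    return {"eth_src": raw[6:12].hex(":"), "op": op, "sha": sha.hex(":"),
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}

def analyze(frames, max_share=0.5, min_frames=4):
    """Run the three checks listed on the slide; returns [(frame_index, alert), ...]."""
    alerts, pending, senders = [], set(), Counter()
    for i, raw in enumerate(frames):
        p = parse_arp(raw)
        if p is None:
            continue
        senders[p["sha"]] += 1
        # Check 1: Ethernet source and ARP sender hardware address do not match.
        if p["eth_src"] != p["sha"]:
            alerts.append((i, "ethernet/arp sender mismatch"))
        if p["op"] == 1:  # Check 2: remember requests, match each reply against them
            pending.add((p["spa"], p["tpa"]))
        elif p["op"] == 2:
            key = (p["tpa"], p["spa"])
            if key not in pending:  # gratuitous ARP also lands here and needs triage
                alerts.append((i, "reply without matching request"))
            pending.discard(key)
    # Check 3: one MAC address originates an abnormal share of the ARP traffic.
    total = sum(senders.values())
    for sha, n in senders.items():
        if total >= min_frames and n / total > max_share:
            alerts.append((None, f"{sha} sent {n}/{total} ARP frames"))
    return alerts

def make_frame(eth_src, op, sha, spa, tpa):
    """Build one constructed sample frame (broadcast destination, zero target MAC)."""
    return (b"\xff" * 6 + eth_src + ARP_IPV4_HDR + struct.pack("!H", op) + sha
            + socket.inet_aton(spa) + bytes(6) + socket.inet_aton(tpa))

HOST, GW, ODD = (bytes.fromhex(h) for h in ("02000000000a", "020000000001", "020000000066"))
SAMPLE = [make_frame(HOST, 1, HOST, "192.0.2.10", "192.0.2.1"),  # constructed data
          make_frame(GW, 2, GW, "192.0.2.1", "192.0.2.10"),
          make_frame(ODD, 2, GW, "192.0.2.1", "192.0.2.10")]
SAMPLE += [make_frame(ODD, 2, ODD, "192.0.2.1", "192.0.2.10") for _ in range(4)]
```

`analyze(SAMPLE)` reports the mismatched frame, the five replies that answer no outstanding request, and the MAC that accounts for 4 of the 7 ARP frames; the first two frames alone, a normal request and reply, produce no alerts.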

Network Attacks: Session Hijacking – Definitions
Definition: Hacker takes over an existing active session and exploits the existing trust relationship.
Process:
  – User makes a connection to the server by authenticating using his user ID and password.
  – After the user authenticates, the user has access to the server as long as the session lasts.
  – Hacker takes the user offline by denial of service.
  – Hacker gains access to the user by impersonating the user.
Typical Behaviors: Attacker usually monitors the session, periodically injects commands into the session and can launch passive and active attacks from the session.

Network Attacks: Session Hijacking – Process
[Diagram: Bob telnets to Server; Bob authenticates to Server. Labels: Bob, Attacker, Server, "Die!", "Hi! I am Bob"]
Protection:
  – Use Encryption
  – Use a secure protocol
  – Limit incoming connections
  – Minimize remote access
  – Have strong authentication

Session Hijacking: Process
Reliable Transport
  – At sending end file broken to packets
  – At receiving end packets assembled into files
Sequence numbers are 32-bit counters used to:
  – Tell receiving machines the correct order of packets
  – Tell sender which packets are received and which are lost
Receiver and Sender have their own sequence numbers.

Session Hijacking: Process
When two parties communicate the following are needed:
  – IP addresses
  – Port Numbers
  – Sequence Number
IP addresses and port numbers are easily available.
  – Hacker usually has to make educated guesses of the sequence number.
  – Once attacker gets server to accept the guessed sequence number he can hijack the session.

Session Hijacking: Popular Programs
Juggernaut
  – Network sniffer that can also be used for hijacking
  – Get from
Hunt
  – Can be used to listen, intercept and hijack active sessions on a network
TTY Watcher
  – Freeware program to monitor and hijack sessions on a single host
IP Watcher
  – Commercial session hijacking tool based on TTY Watcher

Session Hijacking: Protection
Use Encryption
Use a secure protocol
Limit incoming connections
Minimize remote access
Have strong authentication

Network Intrusions (Other): Summary
The network protocols were not designed with intrinsic security.
  – Weaknesses in the protocols can be exploited to launch attacks.
Two attacks that have been discussed:
  – ARP Attacks
  – Session Hijacking attacks