Jump to content

Arp Attack


Spook
 Share

Recommended Posts

I recently watched one of the Hack5 videos which took us through using an Arp attack to fool the firewall/router into thinking my PC was another, thus capturing its network traffic

Im trying this on my ISP's network, Im trying to test this on an IP thats on the same gateway as me

Its not working, I dont appear to be recieving any packets from the remote PC

Im on XP, using Cain & Able to poisin which Ive done exactly as demonstrated, then used ethereal to sniff the packets

Im connected direct, no router using only XP's firewall

Im just wondering if this isnt working because Im trying to fool a heavy shit Cisco router used by my ISP.  Do they have extra security that defends its network from the Arp attack as apposed to your average joe netgear or belkin

Feedback would be great !

Spook.

Link to comment
Share on other sites

In the hack5 video they use an example where 192.168.1.1 is the acting firewall/router and attack 192.168.1.102

Also go into an internet cafe and do the same there

Thats what I dont understand, so surely the router is vulnerable

Link to comment
Share on other sites

Routers are often now multiple devices. It's very common to get a box with a switch and a router together. The switch is the vulnerability.

Speaking of the wireless, a ARP attack is unnecessary to capture data. Nor is connection to the network. That is if you have access to the first layer of the net stack of wireless network adapter (i.e. the physical layer).

Link to comment
Share on other sites

In the case of the wired they where attacking a box with a switch and a router combined, they where abusing the switch.

In the case of the wireless all they where doing was having the AP relabel the packets to there computer, there bypassing the need to be able to 'see' the packets physically becasue as fare as the wireless card is concerned the packets are for there computer. As for attacking a wireless network this is actually the wrong way to do it, this is a very intrusive method. The correct way is just to have the network card not drop any received packets even if they are labeled to be received by another computer. APs are, effectively, a wireless HUB.

Link to comment
Share on other sites

So just to conclude its the switch that deals with the Arp table?

Aye, only switches have ARP tables. Also, routers drop broadcast packets, which are what is used to poison arp tables. So, if you try to poison the non-existent arp table on a ISP router, the router will just (effectively) go "oh, it's a board cast packet, DELETED" (all routers have a LED on them that has the word "DELETED" next to it don't you know :P)

Link to comment
Share on other sites

Ok I see now

But you mentioned in the example of Hak.5 the router obviously has a switch built in.. great!

However, although it has a poisonable switch the router is also designed to drop  the broadcast packets

So how are they still able to do this if the broadcast packets are being dropped before they can nest into the switches Arp table

Link to comment
Share on other sites

However, although it has a poisonable switch the router is also designed to drop  the broadcast packets

So how are they still able to do this if the broadcast packets are being dropped before they can nest into the switches Arp table

The router drops the packets, not the switch. When you send a packet to the 'router' (the box that is both a switch and a router) the switch 'sees' all traffic. So if the router dose drop a packet, it must have already passed though the switch.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...