ARP Protocol (cont.)
ARP Request & Reply Operation – steps involved:
1) The sender knows the IP address of the target.
2) IP asks ARP to create an ARP request message, filling in the sender physical and IP address, and the target IP address. The target physical address is set to all 0s!
3) The message is passed to the data link layer, where it is encapsulated in a frame using the physical address of the sender as the source address and the physical broadcast address as the destination address.
4) Every host and router receives the frame. As the frame contains a broadcast destination address, all stations remove the message and pass it to their ARP. All machines except the one targeted drop the packet.
5) The target machine replies with an ARP reply message that contains its physical address.
6) The sender receives the reply message. It knows the physical address of the target machine and is able to send the original IP datagram …
Ethernet frame carrying the ARP message:
Preamble and SFD (8 bytes) | Destination address (6 bytes) | Source address (6 bytes) | Type (2 bytes) | Data | CRC (4 bytes)
Type: 0x0806
ARP Protocol (cont.)
Example [ ARP operation ]
A host with IP address 130.23.43.20 and MAC address B2:34:55:10:22:10 has a packet for another host with IP address 130.23.43.25 (and MAC address A4:6E:F4:59:83:AB, which is unknown to the first host). The two hosts are on the same Ethernet network. Show the ARP request and reply packets encapsulated in Ethernet frames.
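One way to work the exercise above, as an added example that is not part of the original slides: the request and reply frames are built with Python's struct module from the addresses given in the exercise. The ARP header constants (hardware type 1, protocol type 0x0800, address lengths 6 and 4) come from the ARP specification rather than from the slides, and the function names are illustrative.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806            # "Type: 0x0806" in the frame layout
BROADCAST = "ff:ff:ff:ff:ff:ff"   # physical broadcast address
ZERO_MAC = "00:00:00:00:00:00"    # unknown target address in a request

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def arp_frame(op, eth_dst, sha, spa, tha, tpa):
    """Ethernet header + ARP message (preamble/SFD, padding and CRC omitted)."""
    arp = struct.pack(
        "!HHBBH6s4s6s4s",
        1,         # hardware type: Ethernet
        0x0800,    # protocol type: IPv4
        6, 4,      # physical / IP address lengths in bytes
        op,        # 1 = request, 2 = reply
        mac_bytes(sha), socket.inet_aton(spa),   # sender fields
        mac_bytes(tha), socket.inet_aton(tpa),   # target fields
    )
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", ETHERTYPE_ARP)
    return eth + arp

# Addresses from the exercise.
A_IP, A_MAC = "130.23.43.20", "B2:34:55:10:22:10"
B_IP, B_MAC = "130.23.43.25", "A4:6E:F4:59:83:AB"

def build_exchange():
    # Request: broadcast frame, target physical address all zeros.
    request = arp_frame(1, BROADCAST, A_MAC, A_IP, ZERO_MAC, B_IP)
    # Reply: sent straight back to the requester, carrying B's physical address.
    reply = arp_frame(2, A_MAC, B_MAC, B_IP, A_MAC, A_IP)
    return request, reply

if __name__ == "__main__":
    for name, frame in zip(("request", "reply"), build_exchange()):
        print(name, frame.hex())
```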
Gratuitous ARP – an ARP Response that was not prompted by an ARP Request
• Gratuitous ARP is sent as a broadcast message and is a way for a node to announce or update its IP to MAC mapping to the entire network
Example: two routers share the IP address 10.0.0.1. The hosts use this shared IP address as their default gateway. When one of the routers experiences a failure, the other router sends a Gratuitous ARP.
Gratuitous ARP (cont.) – how to recognize if an ARP packet is ‘gratuitous’
• operation code: 2 (reply)
• source IP = destination IP
• target MAC = ff:ff:ff:ff:ff:ff
Vulnerabilities of ARP
1) since ARP does not authenticate requests or replies, ARP Requests & Replies can be forged
2) ARP is stateless – ARP Replies can be sent without a corresponding ARP Request
3) according to the ARP protocol specification, a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields
packets (requests or replies) with various sender IP addresses ⇒ consumes system resources + causes an overflow of ARP tables (size of ARP tables is generally restricted)
these devices to modify their ARP entries – as a result: a) devices cannot communicate with one another and/or b) devices send their data to the attacker
ARP Spoofing – attack in which a malicious actor sends falsified ARP messages over a LAN – allows the malicious actor to intercept or stop data in transit …
• can only occur on LANs that utilize the ARP protocol
• 3 main flavours: Gateway Spoofing & User Spoofing & User-User Spoofing
ARP Vulnerabilities (cont.)
combination of gateway and user spoofing
ARP Vulnerabilities (cont.)
Example [ Gateway ARP Spoofing ]
ARP packet sent from the attacker (A) deceives Host B into adding a false IP-to-MAC binding of the gateway. After that, normal communications between Host B and the gateway are interrupted. If an ARP packet with the forged gateway MAC address is broadcast to the LAN, all communication within the LAN may fail!!!
Could be a gratuitous message to poison the entire network at once!!!
ARP Vulnerabilities (cont.)
Example [ User ARP Spoofing ]
ARP packet sent from the attacker (A) deceives the gateway into adding a false IP-to-MAC address binding of Host B. After that, normal communications between the gateway and Host B are interrupted.
ARP Vulnerabilities (cont.)
Example [ User-User ARP Spoofing ]
ARP packet sent from the attacker (A) deceives Host C into adding a false IP-to-MAC address mapping of Host B. After that, normal communications between Host C and Host B are interrupted.
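A defender's view of the gratuitous-ARP criteria and of vulnerability 3 above, as an added example that is not part of the original slides: the monitor applies the three "gratuitous" checks and reports when the source fields of an ARP message change an IP-to-MAC binding it has already seen. The sample messages and their MAC addresses are constructed for illustration, and `BindingMonitor` is a hypothetical name.

```python
import socket
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"

def parse_arp(payload):
    """Decode a 28-byte Ethernet/IPv4 ARP message into a dict."""
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"op": op, "sha": sha.hex(":"), "spa": socket.inet_ntoa(spa),
            "tha": tha.hex(":"), "tpa": socket.inet_ntoa(tpa)}

def is_gratuitous(arp):
    """Slide criteria: reply, source IP = destination IP, broadcast target MAC."""
    return arp["op"] == 2 and arp["spa"] == arp["tpa"] and arp["tha"] == BROADCAST

class BindingMonitor:
    """Records IP-to-MAC bindings from ARP source fields and reports changes."""
    def __init__(self):
        self.table = {}

    def observe(self, payload):
        arp = parse_arp(payload)
        ip, mac = arp["spa"], arp["sha"]
        old = self.table.get(ip)
        self.table[ip] = mac      # mirrors the cache update a receiving node makes
        if old is not None and old != mac:
            kind = "gratuitous reply" if is_gratuitous(arp) else "op %d" % arp["op"]
            return "%s moved %s -> %s (%s)" % (ip, old, mac, kind)
        return None

# Constructed sample ARP messages (hex, spaces ignored); MAC addresses are made up.
SAMPLES = [bytes.fromhex(h) for h in (
    # request: host 10.0.0.20 asks for 10.0.0.1
    "0001 0800 06 04 0001 02000000000b 0a000014 000000000000 0a000001",
    # gratuitous reply: 10.0.0.1 announced by 02:00:00:00:00:01
    "0001 0800 06 04 0002 020000000001 0a000001 ffffffffffff 0a000001",
    # gratuitous reply: 10.0.0.1 announced by 02:00:00:00:00:02
    "0001 0800 06 04 0002 020000000002 0a000001 ffffffffffff 0a000001",
)]

def run_samples():
    monitor = BindingMonitor()
    return [monitor.observe(p) for p in SAMPLES]

if __name__ == "__main__":
    for result in run_samples():
        print(result)
```

A reported change does not say whether the new binding is a legitimate failover, as in the two-router example, or a forged announcement; the two look the same on the wire because ARP carries no authentication.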