Network security – how safe is your network? Looking at ARP



A while back I did a network security series and one of the points that I mentioned was that it’s important to know what is normal for your network. In other words, what machines are NORMALLY connected, what services are normally running, etc. Well, I’m about to start a serious look at something that makes this knowledge essential and that may have some rethinking whether or not it’s wise to run an open wireless access point on the same network as their traditional LAN.


Let’s start out by trying to clarify some terms and get a background on the info we need to understand the upcoming articles. I’ve mentioned ARP before… Arp is short for Address Resolution Protocol. It might best be thought of the “glue” that connects the hardware layer of a network interface, to the software layer of TCP/IP…. On most TCP IP networks, we have addresses such as this…. 192.168.0.1 192.168.0.2 etc…. these two addresses are considered to be within the same subnet. Typically, 192.168.1.1 and 192.168.1.2 would be in a different subnet than the addresses above.

These addresses are just that, an address or an abstraction of how to find a machine on a network. We need a way to find out what physical hardware address is connected to 192.168.0.1 or 192.168.0.2… that’s where ARP comes in… it maps the IP address to the MAC address which is a unique identifier given to each piece of network hardware. (Media Access Control is what MAC stands for.) So, you might find that 192.168.0.1 maps to 00:40:F4:14:07:20

ARP requests and lookups can only work within a subnet, they cannot route from one network to another.

Related Posts

Blog Traffic Exchange Related Posts
  • Network Security - Arp spoofing So.... what is arp spoofing (poisoning).... and what are it's implications? ARP spoofing involves tricking a machine into thinking that you're machine is, yet another. Let's put this in IP address terms. Let's say that 192.168.0.1 is the default gatway on the network and 192.168.0.150 is our target. We are......
  • Another trackback spam storm overnight.... All of the the swarms of trackback spam seemed to last an hour give or take a few minutes, so it does look kind of like "rent-a-bot" activity, lots of different IP addresses, trackback spam sites seem to have a common theme - the last batch was insurance type sites..........
  • Network Security - Arp spoofing series I think I've wrapped up the series on arp spoofing and it's implications for network security. I know there's nothing earth shattering here, most network security types are well aware of the problems (and perhaps aware of more sophisticated solutions?). For some though, this series is likely an eye opener......
Blog Traffic Exchange Related Websites
  • Marina Bay Yacht Harbor Marina Bay Yacht Harbor is located in Richmond, CA Phone: 510.236.1013 Website: http://www.marinabayyachtharbor.com/ Slips: 850 About the Marina: This marina was built on the site of the historic Kaiser Shipyard that was used during World War II. The marina is relatively new and offers many features for those who choose......
  • Social Security Benefits II Earlier this week, I talked a bit about the Social Security replacement rate, how much a single person could expect to receive at their normal retirement age. As we discuss trying to make up the difference to enjoy a post retirement income which replaces working income by close to 80%......
  • GEVEY Supreme Pro Plus for iPhone 4 - Review Previously, GEVEY and GEVEY Pro were available for unlocking iPhone 4. They provide a tethered solution for unlocking iPhone 4. Later, GEVEY Supreme Pro Plus was released which was supposed to be an untethered solution for unlocking iPhone 4 on basebands 02.10.04, 03.10.01 & 04.10.01. My Twitter friend, @hiteshagnani got......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site