So, let’s say we want to have an open wireless access point for some reason. (Maybe offering it to guests if you’re a business?) There are certainly a lot of BAD ways to give open wireless access. As we’ve seen in this series so far, it could be quite easy to hijack all connections in a network using arp spoofing. If you run business machines on a network you do NOT by any means want an open access point on the same subnet. Here are some possibilities though…..
Tag: ARP
-
Network Security – so https and ssh are immune to arp spoofing right?
When a machine has been arp spoofed, ALL network traffic from it is likely passing through a “hostile” machine. So, NO, https and ssh traffic is not immune, it is travelling through a hostile machine. However, it should be encrypted. There are a few exceptions though. SSH version 1 is a broken encryption scheme and should be avoided like the plague. As far as I know SSH 2 should be safe. Pay attention to complaints about the host identification not being able to be verified….
-
Network Security – Arp spoofing
So…. what is arp spoofing (poisoning)…. and what are it’s implications? ARP spoofing involves tricking a machine into thinking that you’re machine is, yet another. Let’s put this in IP address terms. Let’s say that 192.168.0.1 is the default gatway on the network and 192.168.0.150 is our target. We are given another network address – say 192.168.0.250…. Arp spoofing would tell 192.168.0.150 that OUR network adapter is the place to send information destined for 192.168.0.1, (and we could also tell 192.168.0.1 that WE are the rightful recipient of data sent to 192.168.0.150). These is done by offering up our MAC address as the legitimate desitination to each machine through a crafted ARP response.
-
Network Security – Hub or Switch?
So, for those that have a little bit of knowledge about network hardware, you’ve probably heard this. “You can’t sniff switched networks”…. wrong…. let’s see what this is about. Older networking hardware was dominated by what’s called a hub. This was basically a “dumb” device that when it received data, it would retransmit the data to every machine connected with the expectation that the correct recipient would answer and all others would ignore that data. Of course, this stream of data is possible to watch and easily available software could log all network traffic fairly easily.
-
Network security – how safe is your network? Looking at ARP
A while back I did a network security series and one of the points that I mentioned was that it’s important to know what is normal for your network. In other words, what machines are NORMALLY connected, what services are normally running, etc. Well, I’m about to start a serious look at something that makes this knowledge essential and that may have some rethinking whether or not it’s wise to run an open wireless access point on the same network as their traditional LAN.
-
Ping not working? try ARP
I’ll confess to having a lot to learn about IP ethernet networking. I feel pretty comfortable with basic TCP/IP (v4), the concept of UDP vs. TCP ports, ICMP pings, etc… but ARP is something that I haven’t dabbled much with. It is, of course, a layer that TCP depends on. When a machine sends a packet to another machine, it sends an arp packet out to “discover” the hardware (MAC) address of the machine on the other end, so ARP underlies everything. These days ICMP is many times blocked by firewall rules. The default with XP’s software firewall is to block ICMP pings for instance.