
FINAL YEAR PROJECT

Project Title: ARP cache spoofing in Local Area Network (LAN)

Project Guide: Prof. Shishir Kumar
GROUP 63: Abhinav Yadav (08204g), Akhil Garg (08214g), Ankita Gupta (08225g)

CONTENTS

Introduction & purpose
Benefits and Short-comings
Model used for development
Approach to the project

INTRODUCTION

ARP spoofing, also known as ARP cache poisoning or ARP poison routing (APR), is a technique used to attack a local area network (LAN). ARP spoofing may allow an attacker to intercept data frames on a LAN, modify the traffic, or stop the traffic altogether. The attack can only be used on networks that make use of the Address Resolution Protocol (ARP) and not another method of address resolution.

PURPOSE OF PROJECT

The system will help in demonstrating the vulnerability of the Address Resolution Protocol. It will help to show security experts how a Local Area Network can be exploited using ARP cache spoofing. It will help in devising preventive measures against the attack, so that the safety of the network is ensured.

BENEFITS OF ARP SPOOFING

Insight - A team of security experts would be able to know how the attack is carried out and what procedure is involved in it.
Knowledge - The knowledge about the implementation of the attack would help to implement a counter attack.
development workflow

WORKING METHODOLOGY
Construct spoofed ARP replies. A target computer could be convinced to send frames destined for computer A to computer B instead. Computer A will have no idea that this redirection took place. This process of updating a target computer's ARP cache is referred to as ARP poisoning.

WORKING(EXAMPLE)

The attack is performed as follows. Suppose X is the hacker's computer and T1 and T2 are the targets.
1. X poisons the ARP cache of T1 and T2.
2. T1 associates T2's IP with X's MAC.
3. T2 associates T1's IP with X's MAC.
4. All of T1's and T2's traffic will then go to X first, instead of directly to each other.

[Figure sequence: a router connecting T1 (IP 10.0.0.1, MAC aa:aa:aa:aa), T2 (IP 10.0.0.2, MAC bb:bb:bb:bb) and the Attacker (IP 10.0.0.3, MAC cc:cc:cc:cc)]

Initial state: T1's ARP cache holds IP 10.0.0.2 -> MAC bb:bb:bb:bb; T2's ARP cache holds IP 10.0.0.1 -> MAC aa:aa:aa:aa.
Spoofed ARP reply (IP 10.0.0.2, MAC cc:cc:cc:cc): T1's cache is poisoned and now holds IP 10.0.0.2 -> MAC cc:cc:cc:cc.
Forged ARP replies (IP 10.0.0.1, MAC cc:cc:cc:cc): T2's cache is poisoned and now holds IP 10.0.0.1 -> MAC cc:cc:cc:cc.
Message intended to send to T2: the Attacker will relay the message.
Message intended to send to T1: the Attacker will relay the message.
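Seen from the defender's side, the poisoning sequence above shows up as an IP address whose sender MAC changes between ARP replies. The following added example (not the project's own code) parses ARP payloads and flags such conflicts; the names ArpWatch, build_arp and demo are hypothetical, and the sample frames are constructed from the slide addresses with the MACs padded to six octets.

```python
import socket
import struct
from collections import defaultdict

ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 payload for Ethernet/IPv4 (28 bytes)

def build_arp(oper, sha, spa, tha, tpa):
    """Pack a constructed ARP payload; used only to feed the detector."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                       socket.inet_aton(spa), tha, socket.inet_aton(tpa))

class ArpWatch:
    """Tracks sender IP -> MAC bindings and records conflicting claims."""
    def __init__(self):
        self.bindings = {}                 # first MAC seen for each IP
        self.claims = defaultdict(set)     # MAC -> every IP it has claimed
        self.alerts = []

    def observe(self, payload):
        if len(payload) < struct.calcsize(ARP_FMT):
            return None                    # truncated payload, ignore
        htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
            ARP_FMT, payload[:28])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            return None                    # not Ethernet/IPv4 ARP
        ip, mac = socket.inet_ntoa(spa), sha.hex(":")
        self.claims[mac].add(ip)
        known = self.bindings.setdefault(ip, mac)
        if known == mac:
            return None
        alert = f"{ip} is bound to {known} but {mac} now claims it"
        self.alerts.append(alert)          # the first binding is kept
        return alert

    def shared_macs(self):  # MACs that have claimed more than one IP
        return {m: sorted(i) for m, i in self.claims.items() if len(i) > 1}

def demo():
    # Constructed traffic: two genuine replies from T1 and T2, then the two
    # spoofed replies from the slides (slide MACs padded to six octets).
    t1, t2, x = (bytes.fromhex(h * 6) for h in ("aa", "bb", "cc"))
    frames = [build_arp(2, t1, "10.0.0.1", t2, "10.0.0.2"),
              build_arp(2, t2, "10.0.0.2", t1, "10.0.0.1"),
              build_arp(2, x, "10.0.0.2", t1, "10.0.0.1"),
              build_arp(2, x, "10.0.0.1", t2, "10.0.0.2")]
    watch = ArpWatch()
    for frame in frames:
        watch.observe(frame)
    return watch
```

The detector trusts the first binding it sees for an address, so it should start from a known-good state, for example before untrusted hosts join the segment.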

SHORT-COMINGS
The software is only applicable to a Local Area Network and cannot perform over wide area networks or the internet.
It can also be used by hackers to bring a complete network to a standstill by performing denial of service against all systems in the network.
If the data inside the headers sent by a hacker is encrypted, it will appear in that format only and cannot be decrypted without the help of third-party tools.

APPROACH FOR PROJECT


We are developing the project in a Linux environment. We have used RAW sockets to capture the incoming ARP requests and to send spoofed replies. We have used the Linux networking libraries to capture, parse and resend the data. We have used tcpdump and Wireshark to double-check that the information we have sniffed or captured, and the data we are sending on the wire, is correct.

WHAT WE ARE USING?

Linux network libraries
Networking (Socket Programming)
Third party tools: tcpdump, Wireshark

THANK YOU!!