1. How can ARP spoofing attacks be controlled permanently? What are the drawbacks of the S-ARP protocol, static MAC entries, and kernel-based patches?
Answer:
1.1.1 Secure ARP Protocol (S-ARP)
This has been proposed as a replacement for the ARP protocol in [10]. The S-ARP protocol is definitely a permanent solution to ARP spoofing but the biggest drawback is that we will have to make changes to the network stack of all the hosts. This is not very scalable as going for a stack upgrade across all available operating systems is something both vendors and customers will not be happy about. As S-ARP uses Digital Signature Algorithm (DSA) we have the additional overhead of cryptographic calculations though the authors of the paper have claimed that this overhead is not significant.
1.1.2 Static MAC Entries
Adding static MAC addresses on every host for all other hosts will not allow spoofing but is not a scalable solution at all and managing all these entries is a full-time job by itself. This can fail miserably if mobile hosts such as laptops are periodically introduced into the network. Also some operating systems are known to overwrite static ARP entries if they receive Gratuitous ARP packets (GARP).
1.1.3 Kernel Based Patches
Kernel based patches such as Anticap[11] and Antidote[12] have made an attempt to protect from ARP spoofing at an individual host level. Anticap[11] does not allow updating of the host ARP cache by an ARP reply that carries a different MAC address than
Networking is part of our everyday lives now, whether it is using our phones, computers, or GPS for directions, watching 3D movies and TVs, or in our work environments. Network security has become such a big issue since our day-to-day lives started to be more involved with it. These problems come in all types of shapes and forms, where some of these issues are cyber attacks, physical attacks, or abuse of policies. People are really exposed due to the amount of internet activity we have going on in most of our networks. There are two fundamentally different types when it comes to networking: the data networks and the synchronous network comprised of switches. With that being said there are also
One of the areas that was not identified was how the network system allowed the spoofing and why it was not caught much earlier. Were permissions already in place? Do they have a network logging system that analyzes the logs? The lack of other system checks was not addressed in this scenario.
Wireless security in 802.11 is less robust and has many security flaws that can be exploited by an attacker. Security best practice for wireless networks depends on a defense in depth strategy, with five control layers:
A bridge is a simple device that aids in interconnecting similar LANs, that is, local area networks that use identical protocols for the physical and data link layers in accordance with the IEEE 802.3 standards. As the devices connected to the bridge use the same protocols, the amount of processing required is minimal. Nowadays, routers are used more commonly to interconnect LANs, as bridges are Layer 2 devices and provide almost no security while the router is a Layer 3 device and offers better data security.
To reduce the risk of these types of attacks, routers should be hardened, packet filtering controls should be used and routing information should be controlled.
1. Based on the interface and the forwarding IP address, ARP consults the appropriate ARP cache for an entry for the forwarding IP address. If an entry is found, ARP skips to step 6.
Providing safety & security for the device from MAC flooding and Network spoofing by designing and implementing security & safety mechanisms which are essential for Network design.
Proof. This attack is a type of replay attack in which the sent data does not belong to the current run of the protocol, but was obtained from previous runs. This type of attack usually occurs in communication protocols in which liveness of principals is absent. As message m=N_SA∥N_SB∥SA∥T_1 consists of the message sender identity and the nonce of the receiver and is encrypted by the public key of BS, the interleaving attack is prevented. Even if the attacker causes SA to perform other instances of the protocol, the attacker won’t be able to replay messages belonging to previous instances of the protocol, because this message consists of N_SA , the identity of SA, and the
One mitigation technique is based on cross-checking ARP responses and blocking uncertified ARP responses. This may be integrated with the DHCP server so that both dynamic and static IP addresses are certified. This capability may be implemented in individual hosts or may be integrated into Ethernet switches or other network
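One way to implement the cross-check described above, as an added example that is not part of the original text: the sender IP/MAC pair of each ARP packet is compared with a binding table standing in for DHCP leases and static assignments. The addresses, the `BINDINGS` table and the function names are constructed for the illustration, and the check goes slightly beyond the text by covering ARP requests as well as replies, since both can update a cache.

```python
import socket
import struct

# Constructed IP -> MAC bindings, standing in for DHCP leases plus static hosts.
BINDINGS = {
    "192.168.1.1": "00:11:22:33:44:55",   # gateway, statically assigned
    "192.168.1.20": "aa:bb:cc:00:00:20",  # DHCP lease
}

def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def build_arp(eth_src: str, sender_mac: str, sender_ip: str, target_ip: str, oper: int = 2) -> bytes:
    """Build a constructed Ethernet/ARP frame in memory (oper 2 = reply)."""
    eth = struct.pack("!6s6sH", b"\xff" * 6, mac_bytes(eth_src), 0x0806)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                      b"\x00" * 6, socket.inet_aton(target_ip))
    return eth + arp

def check_arp(frame: bytes, bindings: dict) -> str:
    """Return 'allow' or 'block: <reason>' for one captured frame."""
    if len(frame) < 14:
        return "block: truncated frame"
    eth_src, ethertype = struct.unpack("!6x6sH", frame[:14])
    if ethertype != 0x0806:
        return "allow"  # not ARP, outside the scope of this check
    if len(frame) < 42:
        return "block: truncated frame"
    htype, ptype, hlen, plen, _oper, sha, spa = struct.unpack(
        "!HHBBH6s4s10x", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return "block: unexpected ARP format"
    if eth_src != sha:
        return "block: Ethernet source differs from ARP sender MAC"
    ip, mac = socket.inet_ntoa(spa), ":".join(f"{b:02x}" for b in sha)
    expected = bindings.get(ip)
    if expected is None:
        return f"block: no binding for {ip}"
    if expected.lower() != mac:
        return f"block: {ip} is bound to {expected}, not {mac}"
    return "allow"
```

On a switch the same decision is made per port before the frame is forwarded; on a host it is made before the ARP cache is updated.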
There are many different vendors providing various WIPS systems or more complex all-in-one security solutions. All of them provide the most important feature among the WIPS attack discovery options: detecting rogue access points and unauthorized connections, client devices and ad hoc networks. One of them is Cisco Adaptive Wireless IPS, which uses a network controlled system (NCS) that generates flags as rogue
A group of wireless sensor nodes (devices) dynamically constructs a temporary network without the use of any pre-existing network infrastructure or centralized administration. The main goal of ad-hoc networking is multihop broadcasting, in which packets are transferred from source node to destination node through the intermediate nodes (hops). The main function of a multi-hop WSN is to enable communication between two terminal devices through a number of middle nodes, which transfer information from one level to another level. On the basis of network connectivity, it dynamically determines which nodes should be included in routing; each node involved in routing transmits the data to further
The Internet Protocol (IP) has some vulnerabilities that can be exploited to transfer information along the network anonymously. Some attempts have been made using IPv4, but now since IPv6 is the new mode of network the challenge is to design it to fit the new trend.
In this section, [how sip works2] provides some methods that might help to reduce the risks of flooding and app attacks.
IPv6 uses NDP (Neighbor Discovery Protocol) to find the MAC address. NDP manages interaction between nodes via message exchanges. These messages provide the data necessary for the processes of host auto configuration and packet transmission on a local link. Host auto configuration involves separate tasks of Parameter discovery, address auto configuration and duplicate address detection. Packet discovery is facilitated through router discovery process. It obtains the necessary parameters required for host configuration. Duplicate address detection is used to detect the presence of duplicate addresses on the same link. Packet transmission process requires data which can be obtained by router discovery, prefix discovery, address resolution, neighbor
Smurf Attack: The Smurf Attack is a denial-of-service attack in which large numbers of ICMP packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. This causes all hosts on the network to reply to the ICMP request, causing significant traffic to the victim's computer. For example, if there are n hosts connected to a network then the attacker can make all the hosts send n reply packets to the victim by sending a single packet to