Strange and Offbeat Spoofing Attacks

Written by Edith Ledwin; published July 2007.

IP spoofing is only one form of spoofing. Other spoofing techniques exist, including ARP and DNS spoofing. Let's briefly examine each.

ARP Spoofing

ARP spoofing is a technique that alters the ARP cache. Here's how it works: the ARP cache holds hardware-address-to-IP mappings. The attacker keeps his own hardware address but assumes the IP address of a trusted host, and sends that forged mapping to the target, which records it in its cache. From that point on, packets the target sends to the trusted host's IP address are delivered to the attacker's hardware address. (The target now "believes" that the attacker's machine is the trusted host.)

There are severe limitations to this type of attack. One is that the ruse might fail when crossing intelligent hubs and some routers. Therefore, ARP cache spoofing is reliable only under certain conditions, and even then it might be restricted to the local network segment. Moreover, cache entries expire pretty quickly, so the forged entries have to be refreshed periodically for the attack to persist.

Can ARP spoofing be defeated? Absolutely. There are several things that you can do. One is to write your address mappings in stone. This can, however, be an irritating prospect. Paul Buis explains in his paper Names and Addresses:

Many operating systems do however have provisions for making entries in the ARP cache "static" so they do not time out every few minutes. I recommend using this feature to prevent ARP spoofing, but it requires updating the cache manually every time a hardware address changes.

Another choice is to use ARPWATCH. ARPWATCH is a utility that watches changes in your IP/Ethernet mappings. If changes are detected, you are alerted via email. (Also, the information will be logged, which helps track down the offender.)

To use ARPWATCH, you need UNIX, C, and AWK. (The distribution comes in source only.)
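The following is an added example, not ARPWATCH's own code, showing the detection logic a monitor of this kind performs: it replays a constructed sequence of ARP replies against an IP-to-hardware-address table and reports when a mapping first appears, changes, or reverts, and when two IP addresses end up sharing one hardware address (the signature of the "keep your hardware address, assume a trusted IP" ploy described above). The addresses are documentation-range values constructed for the demo, and the event names are modelled on arpwatch's report types.

```python
from collections import defaultdict

# Constructed sample: ARP replies (ip, mac) as a sniffer might deliver them.
SAMPLE_REPLIES = [
    ("192.0.2.1",  "00:00:5e:00:53:01"),  # gateway, first sighting
    ("192.0.2.10", "00:00:5e:00:53:0a"),  # workstation, first sighting
    ("192.0.2.1",  "00:00:5e:00:53:01"),  # gateway again, unchanged
    ("192.0.2.1",  "00:00:5e:00:53:0a"),  # gateway IP now paired with .10's MAC
    ("192.0.2.1",  "00:00:5e:00:53:01"),  # original MAC is back: a flip-flop
]


def watch(replies):
    """Replay ARP replies against an ip->mac table.

    Returns (alerts, table), where each alert is a (kind, ip, detail) tuple.
    Event names follow arpwatch's report types.
    """
    table = {}                    # current ip -> mac mapping
    history = defaultdict(set)    # every MAC each IP has ever claimed
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        previous = table.get(ip)
        if previous is None:
            alerts.append(("new station", ip, mac))
        elif previous != mac:
            # A MAC already seen for this IP is a flip-flop; a brand-new one
            # is a plain change. Both are what a spoofer causes.
            kind = "flip flop" if mac in history[ip] else "changed ethernet address"
            alerts.append((kind, ip, f"{previous} -> {mac}"))
        history[ip].add(mac)
        table[ip] = mac
        # Two IPs answering with the same hardware address is the tell-tale
        # of a host assuming another host's IP while keeping its own MAC.
        others = [o for o, m in table.items() if m == mac and o != ip]
        if others:
            alerts.append(("shared ethernet address", ip, ",".join(sorted(others))))
    return alerts, table


if __name__ == "__main__":
    for kind, ip, detail in watch(SAMPLE_REPLIES)[0]:
        print(f"{kind}: {ip} {detail}")
```

A real monitor feeds this from a packet capture and mails the alert list; the logged history is what lets you trace which station started answering for an address it does not own.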

DNS Spoofing

In DNS spoofing, the cracker compromises the DNS server and explicitly alters the hostname-to-IP-address tables. These changes are written into the translation table databases on the DNS server. Thus, when a client requests a lookup, it is given a bogus address: the IP address of a machine that is completely under the cracker's control.

The likelihood of this happening is slim, but widespread exposure could result if it does occur. The rarity of these attacks should not be taken as a comforting indicator.

Although you might be willing to accept the risks associated with using these services for now, you need to consider the impact that spoofed DNS information might have.… It is possible for intruders to spoof BIND into providing incorrect name data. Some systems and programs depend on this information for authentication, so it is possible to spoof those systems and gain unauthorized access.

DNS spoofing has now been automated at least on some platforms.

There is an interesting document that addresses a DNS spoofing technique—Java Security: From HotJava to Netscape and Beyond, by Drew Dean, Edward W. Felten, and Dan S. Wallach. The paper discusses a technique by which a Java applet makes repeated calls to the attacker's machine, which is, in effect, a cracked DNS server. In this way, it is ultimately possible to redirect DNS lookups from the default name server to an untrusted one. From there, the attacker might conceivably compromise the client machine or network. (This bug was fixed in 1.02.)

DNS spoofing is fairly easy to detect, however. If you suspect one of the DNS servers, poll the other authoritative DNS servers on the network. Unless the originally affected server has been compromised for some time, evidence will immediately surface that it has been spoofed. Other authoritative servers will report results that vary from those given by the cracked DNS server.

Polling might not be sufficient if the originally spoofed server has been compromised for some time. Bogus address-host name tables might have been passed to other DNS servers on the network. If you are noticing abnormalities in name resolution, you might want to employ a script utility called DOC (domain obscenity control). As articulated in the utility's documentation:

DOC (domain obscenity control) is a program which diagnoses misbehaving domains by sending queries off to the appropriate domain name servers and performing a series of analyses on the output of these queries.

Other techniques that defeat DNS spoofing attacks include the use of reverse DNS schemes. Under these schemes, sometimes referred to as tests of your forwards, the service attempts to reconcile the forward lookup with the reverse. This technique might have limited value. In all likelihood, the cracker has altered both the forward and reverse tables.
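An added example (not from the article, and not DOC) covering both checks above: polling the other authoritative servers and flagging the one whose answers deviate from the majority, and the "test your forwards" check that reconciles a forward lookup with its reverse. The server names and records are constructed; `ns3.example.net` plays the compromised server, and its reverse table has been altered to match, which is exactly the case in which the reverse check alone says nothing.

```python
from collections import Counter

# Constructed sample: A-record answers from three authoritative servers.
ANSWERS = {
    "ns1.example.net": {"www.example.net": "192.0.2.10", "mail.example.net": "192.0.2.25"},
    "ns2.example.net": {"www.example.net": "192.0.2.10", "mail.example.net": "192.0.2.25"},
    "ns3.example.net": {"www.example.net": "203.0.113.66", "mail.example.net": "192.0.2.25"},
}

# Constructed PTR data: ns3's reverse table was altered to agree with its
# bogus forward entry, so forward/reverse reconciliation passes on ns3.
NS3_REVERSE = {"203.0.113.66": "www.example.net", "192.0.2.25": "mail.example.net"}

# Constructed PTR data as the untouched servers hold it.
HONEST_REVERSE = {"192.0.2.10": "www.example.net", "192.0.2.25": "mail.example.net"}


def poll_disagreements(answers):
    """Compare each name's answer across servers.

    Returns {name: {server: ip}} for every server whose answer differs from
    the majority answer. With only two servers a disagreement is a tie, so
    poll at least three to know which one is the outlier.
    """
    names = set().union(*(a.keys() for a in answers.values()))
    outliers = {}
    for name in sorted(names):
        votes = Counter(a.get(name) for a in answers.values())
        majority = votes.most_common(1)[0][0]
        bad = {srv: a.get(name) for srv, a in answers.items() if a.get(name) != majority}
        if bad:
            outliers[name] = bad
    return outliers


def forward_reverse_mismatches(forward, reverse):
    """'Test your forwards': names whose A record does not PTR back to them."""
    return {name: ip for name, ip in forward.items() if reverse.get(ip) != name}


if __name__ == "__main__":
    print("outliers:", poll_disagreements(ANSWERS))
    print("ns3 vs own PTR:", forward_reverse_mismatches(ANSWERS["ns3.example.net"], NS3_REVERSE))
    print("ns3 vs honest PTR:", forward_reverse_mismatches(ANSWERS["ns3.example.net"], HONEST_REVERSE))
```

The reverse check only catches the altered forward entry when it is reconciled against PTR data the cracker did not control; the cross-server poll catches it regardless.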
