ARP Spoofing and NetCut [english]

Topik sebelumnya Topik selanjutnya Go down

ARP Spoofing and NetCut [english]

Post  Boy21 on May 23rd 2010, 5:13 pm

ARP Spoofing and NetCut
What is ARP ?

This is the Address Resolution Protocol. It is in the OSI model Layer 2 (DataLink Layer). It is responsible for matching an IP address to a specific MAC address.
The MAC address is the hardcoded address on network devices.
Type “ipconfig /all”, the MAC address is the “Physical Address” value.

Common MAC addresses : FFFFFFFFFFFF : Broadcast Address

01005eXXXXXX : MultiCast Address

Generally, for a network transmission through a switch, the switch maps each IP Address to the specific MAC address.

What is ARP Spoofing?

It is using the MAC address maliciously. Usually the attacker uses a MAC address he doesn’t own to do one of the following:
. Man in the Middle Attack … (This lets the switch deal with the attacker's MAC as the Victim’s, so sends the packets to the attacker instead of the victim)
. Denial of service attacks.

Lots of hacking tools can edit the datalink part in the packets. Normal users don’t have enough tools for that.
But, unfortunately NetCut has become so popular that it has become annoying on LANs.
I want to clarify how it works .

NetCut ..

This is a commonly used tool used on networks. It makes a Denial of Service attack on the Victim so that he doesn’t get internet access. It does so by flooding the switch with unreal MAC address entries that point to the victim’s ip address, so the packets are mapped incorrectly and the victim receives no packets.

I‘ll try to show how this stuff works. ..

I used my desktop: Hostname : C4
IP : 10.0.0.81
Gateway : 10.0.0.138
Tools: . NetCut
. AntiArp
. Ethereal

First I‘ll use NetCut on my machine to block user 10.0.0.10



On the ethereal,, it made 1767 ARP packets in only one minute !!



The AntiArp (actually monitors and can block all incoming and outgoing arp traffic from / to my pc ) shows that I ‘m sending fake Mac address to the gateway and I’m disguised as the victim’s ip_address. (while if we make a man in the middle attack , I ‘ll get the victim’s Mac address as mine and give the victim another one ) .



This is a snapshot for the AntiArp monitoring some traffic..



How to defend against a similar type of attack ?
. AntiArp is a nice tool the defends the MAC Denial of Service attack.
. NetCut itself has an option to protect my computer.



It begins to send packets to the gateway telling it about my IP address and my REAL Mac address (in case it were spoofed)



I tried to see the difference, so I turned the protect my computer off and stopped cutting off on any other pcs.



The ethereal only captured 336 ARP packets in one minute which is just the normal ARP traffic.




. If the local arp cache in the computer was corrupted, you can clear it by typing
“arp –d*” . Also to check what is in your Arp cache, type “arp –a”.
. You can enable MAC filtering on your switches. Devices like Cisco devices enable you to write a specific MAC address on each port.


PLEASE: Don’t use the knowledge you get from this article to do any type of attacks.


Sumber : http://tamermaher.spaces.live.com/Blog/cns!AB876127E31FDC4!176.entry?sa=472952373
avatar
Boy21
Webmaster
Webmaster

Jumlah posting : 34
Lokasi : Indramayu
Registration date : 12.10.08

Lihat profil user http://boy21world.blogspot.com

Kembali Ke Atas Go down

Re: ARP Spoofing and NetCut [english]

Post  blekutuk on July 29th 2010, 9:28 pm

scratch scratch scratch scratch

blekutuk
newbie
newbie

Jumlah posting : 3
Registration date : 29.07.10

Lihat profil user

Kembali Ke Atas Go down

Re: ARP Spoofing and NetCut [english]

Post  kiddy on July 30th 2010, 1:07 pm

Masih bungung matabelo
avatar
kiddy
ADMINISTRATOR
ADMINISTRATOR

Jumlah posting : 65
Age : 26
Lokasi : Indramayu
Registration date : 12.10.08

Lihat profil user

Kembali Ke Atas Go down

Re: ARP Spoofing and NetCut [english]

Post  Boy21 on July 31st 2010, 2:05 pm

kiddy wrote:Masih bungung matabelo

waakakkaka.. sama.... lol!
intinya program NetCut yang dijelaskan diatas berfungsi untuk meng-cut koneksi ip yg dituju.

caranya kerjanya...?? dengan mengirimkan Mac address palsu (ARP Spoofing) sebanyak banyaknya sehingga target yg dituju kehabisan bandwith (Denial Of Service)...

penangkalnya..?? agar tidak menjadi korban, kita napat menangkal serangan semacam ini dengan program netcut itu sendiri (liat artikel diatas) atau dengan program Anti-NetCut...

----------------------------------------------------
NetCut dapat di download di
http://mirror.filecluster.com/netcut/netcut.exe

Anti-Netcut dapat di download di
http://www.tools4free.net/
avatar
Boy21
Webmaster
Webmaster

Jumlah posting : 34
Lokasi : Indramayu
Registration date : 12.10.08

Lihat profil user http://boy21world.blogspot.com

Kembali Ke Atas Go down

Re: ARP Spoofing and NetCut [english]

Post  Sponsored content


Sponsored content


Kembali Ke Atas Go down

Topik sebelumnya Topik selanjutnya Kembali Ke Atas

- Similar topics

 
Permissions in this forum:
Anda tidak dapat menjawab topik