Maninthemiddle

It is quite common to find that organizations spend most of their IT security budget implementing border security and allocate a relatively small portion of the budget to internal security. This creates the eggshell principle where the outside is hard and protected; however, as soon as you get past those borders, everything is soft and gooey, leaving little security to stop an attacker from taking control of an entire network.

Not all attacks on web applications have to be performed by an external attacker. Internal attackers generally have a much stronger influence over the information passed between users and the web application, allowing more effective techniques for exploiting trust relationships and compromising web applications.

On a switched network, ARP spoofing (or ARP cache poisoning) is used to perform man-in-the-middle (MITM) attacks allowing data being transferred across the network to be captured, analyzed, and modified. The dsniff package on Linux contains a number of programs that enable MITM attacks to be carried out including arpspoof, dnsspoof, webmitm, dsniff, and webspy, to name a few. To run an ARP spoofing attack follow these steps:

1. Turn on IP forwarding.

echo 1 > /proc/sys/net/ipv4/ip forward

2. Run the relevant tool for the attack that you want to perform. In this case, we will be using the dsniff password sniffer:

dsniff

3. Set up the ARP cache poisoning in both directions to capture the sent and received traffic. If this is not done in both directions, then a denial of service on the victim host may occur. From a second terminal, run arpspoof to poison the first host.

arpspoof -t {hostl} {host2}

4. From a third terminal, run arpspoof to poison the second host:

arpspoof -t {host2} {hostl}

5. The terminal running dsniff should start sniffing usernames and passwords from the network traffic.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook


Post a comment