ARP Security Sucks

Today, I wanted to touch a bit on man-in-the-middle attacks. Before I do, I need to break down what a man-in-the-middle attack is (from now on referred to as a MITM).

You are Joe. You want to access the internet through your spiffy new router you bought from the local Overpriced Better Buy. Normally, when a computer first enters onto a network it sends out ARP (http://en.wikipedia.org/wiki/Address_Resolution_Protocol) packets to ask the network which MAC addresses are tied to which IP addresses. The network broadcast goes to the hosts on the network, and they hopefully respond with truthful answers. There lies the problem.

Lester, our local hacker baddie wants to get Joe’s Facebook password. Lester knows that there is an inherent flaw in the way that hosts establish the flow of data on the network via ARP. Lester crafts some packets that he sends out on the network to tell the router that his MAC is Joe’s IP address, and to tell Joe’s computer that his MAC is the routers IP. He then directs and manages the flow of data from his own computer. In a nutshell, what Lester has done is forced all of Joe’s traffic through his own computer – in clear text.

ARP has been around for many years. I wonder why there isn’t anything in place to make a network more resistant to such an elementary attack. I wonder why the host isn’t smart enough to say “Hey Mr. router – you were just at 192.168.1.1 ….how are you all of a sudden at 192.168.1.143? Give me the old key we exchanged before to make sure you’re the same person.” An attacker who is in the middle of all your traffic completely controls the flow of your data. Look at a program called Ettercap, for example (found on the Backtrack security boot disc). Once in the middle of your victim and the gateway, you can do anything to them, from forcibly redirecting webpages, to changing images that display on their page (Oh no…all of your pictures are suddenly goetse images. The horror!) Or something less juvenile – like stealing bank passwords, or replacing that file you were going to download with a trojan virus.

The biggest security anyone in this world has is obscurity. Why would anyone go after YOUR data, versus the other 100 million targets they could easily go after. Once you become a target, you begin to realize just how insecure the infrastructure is as a whole. Nothing is un-hackable. Nothing is secure.

Recent Entries

Leave a Reply