ARP SPOOFING

PREVENTION

Topics
WHAT IS ARP SPOOFING ? IS IT RELEVENT ? WHAT DAMAGE CAN IT CAUSE ? HOW TO PREVENT ARP SPOOFING TOOLS FOR THE TRADE HARDWARE REQUIREMENTS SOFTWARE REQUIREMENTS IMPLIMENTATION CODING EXISTING SOLUTION S IMPROVED SOULUTION BY US. CONCLUSION

Introduction
ARP spoofing, also called ARP Cache poisoning, is one of the hacking methods to spoof the contents of an ARP table on a remote computer on the LAN. Two addresses are needed for one computer to connect to other computer on an IP/Ether network. One address is the MAC address; the other is the IP address. A MAC address is used on a local area network before packets go out of the gateway; an IP address is used to surf the Internet through a gateway. There is a protocol that asks "who has this MAC address" and answers the question; that is called ARP (Address Resolution Protocol). What the ARP asks the target address for sending is called the ARP Request or ARP who has, and the ARP that responds to the request is called the ARP Request or ARP who has. Although wrong information is inserted into ARP, the computer believes that the information of the ARP is valid and saves the information in own ARP table for a while. This is ARP spoofing.

Relevance
All the current networks using Ipv4/Ipv6 is vulnerable to this attack. Attacker doesnt need to know any credentials to attack. Wi-Fi networks are more vulnerable to this attack. Can Tape all the data passing through the network. Can Disrupt the Network (DOS)

Prevention
The only existing solution as of now is to use static arp entries in the arp table of the system we are using . But there are limitations to this . Various versions of windows support varied commands and features to work around this problem. So a simple script wont be enough. So the Script must be wise enough to execute the instruction according to the type of the host O.S by reading the entries from the arp table . All these settings will be lost once the system has been reset, thus the script must have the ability to auto run it and execute it in every system start up time.

Tools Used
Cain n Abel Spoofing Tool Win Pcap Networking Library support for windows Auto it3 Script creator for windows Batch File Programming - To create dos scripts.

Angry Ip Scanner - To find range of IPs in the Sub net

Hardware requirements
A minimum of 3 systems A router A switch Essential Cabling if not wifi.

Software Requirements
Host OS must be Windows Must be connected to a Network The Network card must support Promiscuous mode Essential Networking Drivers and Packet Libraries'. The User Must have Admin Privilege's

Implimentation
Connect 3 systems to the switch as usual. Connect the network router as well Provide the router with net connection Start the arp- spoofer. Select the systems to be spoofed. Show how tapped information -----------------------------------------------Now again stop the arp spoofing. The network activity will return to normal Then implement the static arp table using over script. Again try to spoof the pcs who's arp table has been made static. Show s that Arp Spoofing has failed.

Existing Solution
The Existing soultion is to manually type in every single arp entires in the arp table of the system that has been connected to the network. This a very hectic .. Time consuming process and is not possible to be implimented in large scale. Highi need for man power. Once the Setting;s have been changed.. Everything must be re- configured manually. The Process is not simple and cant be understood by the End Users Anti viruses and Fire walls doesnt give any protection from this attack.

Our Solution
Easy to Impliment executable which will configure itself to run on every system start up. Script can be run on every pc if needed to re configure. Easy to deploy and modify. All Arp Tables are made static without selecting them one by one. Auto Run script for auto configuration at start up. Removing settings is very simple and is provided with the tool. Dont make clashes with your existing network monitoring software if any . Can deploy in large scale.