First of all, what is Spoofing?
Spoofing in computer networking is a common practice among malicious users to intercept data and traffic meant for a particular user.
It’s a different form of robbery really when you look at it.
Spoofing attacks are fairly common in computer networks. Some of the best-known ones, familiar to almost anyone with a little knowledge of computer networks, are DNS spoofing, IP spoofing, MAC spoofing and ARP spoofing. Here, we will focus on ARP spoofing.
In a broader perspective, ARP spoofing is meant to steal some data intended for the target victim. Here is a series of usual steps that are part of ARP spoofing:
Here is a list of the ARP spoofing attacks that an attacker can launch on the victim:
A Denial of Service attack usually involves directing more traffic to a victim than it can handle. Using ARP spoofing, the attacker associates multiple IP addresses with a single MAC address on a network.
Because of that, the volume of traffic meant for different machines gets redirected to a particular host. The volume of traffic overwhelms the target machine so much so that it gets overloaded and cannot perform other tasks.
In the Man in the Middle attack, the attacker sits in the middle of the communication between two users. The attacker makes independent connections with the two targets, giving them the illusion that they are talking directly to each other. Here is a perfect example of this attack given on Wikipedia.
It is not that these malicious activities cannot be prevented. Here are some of the methods that are employed in ARP spoofing detection and protection:
Authenticating a data sender’s identity in some way can prevent receiving data from a malicious user. Authentication uses credentials from both the systems to authenticate the users.
On top of that, the sender encrypts the data with a key before sending it to the receiver. The encrypted data can only be decoded with keys that the sender has already shared with the receiver beforehand. These things are a part of network security, especially encryption and decryption.
Packet filters are like inspectors which sit and carefully examine all the packets being transmitted across the network. Packet filters are often a part of the firewall programs which keep on looking out for the malicious packets.
For example, a malicious packet could be one that arrives from outside the network but shows a source address from inside the network, or vice versa.
This is an old-school way, but it works well. You manually set up static ARP entries for the computers on your subnetwork so that there is no chance of any alteration. However, it is not recommended for a large network because there will be a lot of static ARP entries, and any small change will be too much work for the network administrator.
Using VPNs (Virtual Private Networks) is one of the best ways to get protection against an ARP spoofing attack. A Virtual Private Network sends data through an encrypted tunnel, so both the transmission and the data that goes through it are encrypted.
Most of the methods mentioned above either require investment or are not completely failsafe. The static ARP technique, for example, can only prevent simple ARP attacks. One approach that network admins recommend is using anti-ARP tools to identify and stop the attacker.
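The sign described earlier, several IP addresses associated with a single MAC address, can be checked for automatically in an ARP table. The Python script below is an added example, not code from the original article; its function names and the sample table are constructed for illustration, and it accepts both Windows and Linux/macOS `arp -a` rows.

```python
import re
from collections import defaultdict

# Matches both Windows ("192.168.1.1   00-11-22-33-44-55  dynamic") and
# Linux/macOS ("? (192.168.1.1) at 00:11:22:33:44:55 ...") arp -a rows.
ROW = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9A-Fa-f]{1,2}[:-]){5}[0-9A-Fa-f]{1,2})\b"
)

def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded (macOS drops leading zeros)."""
    return ":".join(part.zfill(2).lower() for part in re.split(r"[:-]", mac))

def is_group_address(mac):
    """Broadcast/multicast MACs have the low bit of the first octet set.
    They legitimately map to many IPs, so they are not spoofing evidence."""
    return int(mac[:2], 16) & 1 == 1

def find_duplicate_macs(arp_output):
    """Return {mac: sorted IPs} for every unicast MAC claimed by 2+ IPs."""
    ips_by_mac = defaultdict(set)
    for line in arp_output.splitlines():
        m = ROW.search(line)
        if not m:
            continue  # interface banners, column headers, incomplete entries
        mac = normalize_mac(m.group(2))
        if not is_group_address(mac):
            ips_by_mac[mac].add(m.group(1))
    return {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}

# Constructed sample, not the table from the article's screenshot.
SAMPLE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.23          00-11-22-33-44-55     dynamic
  192.168.1.40          a4-5e-60-c1-0b-7f     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
? (192.168.1.50) at 0:11:22:33:44:55 on en0 ifscope [ethernet]
"""

if __name__ == "__main__":
    for mac, ips in find_duplicate_macs(SAMPLE).items():
        print(f"{mac} is claimed by {', '.join(ips)}")
```

A duplicate is a lead to investigate rather than proof of spoofing, since a host with several addresses on one interface produces the same pattern.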
Now, here is a little puzzle for you to solve:
Here is a screenshot of my PC below. I found it using the “arp -a” command. Based on what you read, can you find what is wrong with the ARP table below?
Here is a hint: Look out for the duplicates. Now, based on your finding, can you answer the following questions?
Leave your answers and thoughts in the comment section below.