Friday, July 1, 2011

What is ARP? [Information]

Now that I've explained how to get Backtrack 5, if you're still not on Linux, go install it now before all the fun stuff starts!
As for today's post, I'll be explaining an important part of netsec: Address Resolution Protocol.

Understanding ARP, or Address Resolution Protocol, is a key part of understanding how networks communicate.

You can think of ARP as a phonebook for computers on a network.
Say the computer "Bob-PC" wants to send a message to "Meg-Laptop" but only has its local IP address. Computers require the "physical" address or MAC (Media Access Control) address to send messages, so Bob's computer needs to find out Meg's MAC. How would it do this?
Well, Bob's computer checks its own "ARP cache", which is a list of computers it has stored with their IPs (such as 192.168.0.105) and MAC addresses (such as 00:1C:F2:D2:55), and if it finds the physical (MAC) address corresponding to the IP address it has for Meg's laptop, it's all good to go!

But what if Bob's PC's ARP cache doesn't have Meg's laptop listed?
Well, ARP has this sorted out. Bob's PC sends out a "broadcast ARP message" to the network saying "hey, who is 192.168.0.105 (Meg-Laptop)?" and receives a response from Meg's laptop saying "hey, that's me! My MAC address is 00:1C:F2:D2:55!"
Bob's PC then stores that information in its ARP cache for later use.
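
The request/reply exchange described above, shown at the byte level. This is an added example, not code from the original post; the MAC addresses, Bob's IP (192.168.0.100) and the helper names are made up for illustration, and the two messages are constructed rather than captured.

```python
import socket
import struct

# Wire layout of an ARP message for Ethernet + IPv4 (RFC 826), 28 bytes:
# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"
OPER = {1: "request", 2: "reply"}

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload):
    """Decode the ARP payload of an Ethernet frame into a dict."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP message")
    fields = struct.unpack(ARP_FMT, payload[:28])
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = fields
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"op": OPER.get(oper, f"unknown({oper})"),
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}

def learn(cache, msg):
    """Store the sender's IP -> MAC binding, as Bob's PC does with a reply.
    Returns the previous MAC if the binding changed, otherwise None."""
    old = cache.get(msg["sender_ip"])
    cache[msg["sender_ip"]] = msg["sender_mac"]
    return old if old not in (None, msg["sender_mac"]) else None

# Constructed sample messages (hypothetical addresses, not captured traffic).
BOB_MAC = bytes.fromhex("020000000001")
MEG_MAC = bytes.fromhex("020000000002")
BOB_IP = socket.inet_aton("192.168.0.100")
MEG_IP = socket.inet_aton("192.168.0.105")
# In the request the target MAC is all zeros: it is the unknown being asked for.
REQUEST = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, BOB_MAC, BOB_IP, bytes(6), MEG_IP)
REPLY = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2, MEG_MAC, MEG_IP, BOB_MAC, BOB_IP)

if __name__ == "__main__":
    bob_cache = {}
    for raw in (REQUEST, REPLY):
        msg = parse_arp(raw)
        print(msg)
        if msg["op"] == "reply":
            learn(bob_cache, msg)
    print("Bob's ARP cache:", bob_cache)
```

Nothing in the message proves who sent it, so the cache simply trusts the sender fields; the return value of `learn` is there so that a changed binding can at least be logged.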

Hackers can use this to infiltrate systems by doing something called "ARP poisoning", which can be explained using this image from Wikipedia:
The malicious user, or hacker, listens in on the network and changes the ARP cache of the receiving "LAN user" to send messages to the malicious user FIRST, then back out to the corresponding target (in this case, the LAN Gateway).
This way, the hacker can view all the network traffic between the User and Gateway and change certain inquiries, whether it be to an HTTPS (secure connection) site or any site in general.
We will be using this in the near future to sniff passwords from any site (HTTP and HTTPS) and show how dangerous an unwanted user on your network really is.

You can view your computer's ARP cache by typing "arp -a" into the command line on Windows or Linux and view the IP addresses and corresponding MAC addresses of each node your computer has saved.
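
One way to use that `arp -a` output to check for the poisoning described above: a poisoned cache typically shows the same MAC address answering for two IPs (the gateway and the machine in the middle). This is an added example, not from the original post; the sample tables and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# An IPv4 address followed by a MAC, covering the Linux form
# "? (ip) at aa:bb:.. [ether] on eth0" and the Windows form "ip  aa-bb-..  dynamic".
ENTRY = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2})\b")

def parse_arp_table(text):
    """Return {ip: mac} with MACs normalised to lowercase colon form."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:  # headers and "<incomplete>" entries do not match
            table[m.group(1)] = m.group(2).lower().replace("-", ":")
    return table

def shared_macs(table):
    """Return {mac: [ips]} for unicast MACs that answer for more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        # Broadcast/multicast MACs (group bit set) are shared by design: skip.
        if int(mac[:2], 16) & 1:
            continue
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

# Constructed sample output (hypothetical addresses), one per platform.
WINDOWS_SAMPLE = """\
Interface: 192.168.0.100 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           02-00-00-00-00-66     dynamic
  192.168.0.66          02-00-00-00-00-66     dynamic
  192.168.0.105         02-00-00-00-00-02     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""
LINUX_SAMPLE = """\
? (192.168.0.1) at 02:00:00:00:00:66 [ether] on eth0
? (192.168.0.66) at 02:00:00:00:00:66 [ether] on eth0
? (192.168.0.105) at 02:00:00:00:00:02 [ether] on eth0
? (192.168.0.7) at <incomplete> on eth0
"""

if __name__ == "__main__":
    for sample in (WINDOWS_SAMPLE, LINUX_SAMPLE):
        print(shared_macs(parse_arp_table(sample)))
```

A shared MAC is a lead to investigate, not proof: a router holding several addresses or a device doing proxy ARP produces the same pattern legitimately.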

Many users think that if they have a simple encryption on their network, it can't be broken. Some think that even if someone gains access into their network, it doesn't even matter! But this is FAR from the truth.
You will see how much damage a single user can cause on an unprotected network, whether it be through DNS spoofing (changing which IP addresses certain sites go to), password sniffing (Facebook, Google, Paypal, and Myspace passwords in clear text!), or DoS (denial of service) attacks.

This was a quick writeup and I'll be updating it frequently as I do with all my posts, but I wanted to get a quick post out to explain what ARP and ARP poisoning are, as they are vital in our path to learning network and computer security.

27 comments:

  1. True, you need to know about ARP in order to learn about computer security and networking.

  2. Yeah, these security flaws are amazing.

  3. Extremely informative. I'm not particularly knowledgeable about this stuff, glad I followed you!

  4. Great info.. Your blog seems really interesting, I followed

  5. I don't know a lot about this kind of stuff, but interesting nonetheless. Followed and looking forward to learning a bit here

  6. Thanks for the feedback guys!

  7. +Follower
    New to Linux and interested in networking technologies, good info man!

  8. As a total newbie to Linux and networking, I have to say I found this very well written and informative, and simple enough so dolts like me can understand what you're saying. Needless to say, I'm following from now on.

  9. You have excellent writing style. Simple, coherent, and short.

  10. how to send a malicious ARP to my router???plz help!!!

  14. Excellent and very informative. I am glad that there is at least one literate poster who is willing to share information in such an easily read format.
