Passive Sniffing

• Passive Sniffing attacks are just watching.
• userids, passwords, and other sensitive information

Active Sniffing.

• MAC flooding
  • Fill up the CAM table in the switch
  • make it overflowwww
  • <MAC address - port number -TTL>
• ARP poisoning
  • prob stealthier, does not need to bring down switch functionalities.
  • it exploits the concept of traffic redirection.

Gratuitous ARP requests

• A request packet where source and destination IP are set with the IP of the machine that is issuing the packet and the dest MAC is the broadcast address.

Gratuitous ARP requests

• ARP request has been sent without being asked.

• Two ways of poisoning

  1. Host poisoning
     1. Gratuitous ARP reply packets
        • replace the MAC address of the dest IP to ATTACKER MAC.
  2. Gateway Poisoning

     1. Poison the Gateway.

        • Claim all the IP address with MAC address of ATTACKER MAC.

        

  Tools

  • Dsniff

  • wireshark

  • tcpdump

    

  Migitaion/Countermeasure

  • arpwatch
  • arpcop

Local to Remote MITM

Ex. .

1. Host A has IP of the gateway but not the MAC address of the gateway device. And he is trying to reach out to WLAN.
2. M can use Gratuitous ARP reply to advertise itself as the gateway : sending out arp reply packet with FORGED_IP_DEFAULT_GATEWAY + M_MAC_ADDRESS . tho,

DHCP Spoofing

DHCP is a service usually runing on routers to dynamically assign or revoke IP address to new hosts on the network.