
376    Chapter 6 • Infrastructure Security: Devices and Media

                 To perform an attack using ARP spoofing, the intruder would follow this
             procedure:

                  1. The intruder (I) sends an ARP packet to a client (C1) using the IP address
                      of another client (C2), but the MAC address for the intruder (I).
                  2. The intruder (I) sends an ARP packet to a client (C2) using the IP address
                      of another client (C1), but the MAC address for the intruder (I).
                  3. Now both clients have ARP cache entries for each other’s IP address, but
                      the MAC addresses for these entries point to the intruder. The intruder
                      routes packets between C1 and C2 so that communications are not
                      interrupted.
                  4. The intruder sniffs all packets it is routing and is able to see all
                      communications between the clients.

                 This process allows intruders to view all traffic between two clients; however,
             ARP spoofing can potentially be more damaging. By performing a MITM attack
             between a router and the switch, an intruder can see all data coming through the
             router. Additionally, if an intruder replies to every ARP request sent out by the
             switch, it can intercept traffic going to all clients. This gives the intruder the option
             of performing a DoS attack by not allowing any client to communicate with the
             switch, not routing traffic to the intended client, and sniffing the data being
             communicated via the MITM attack.
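
                 The forged cache entries from steps 1 to 3 are visible to a monitor that tracks
             IP-to-MAC bindings. The following detection sketch is an added example, not code
             from this book; the addresses, the alert names and the first-seen baseline are
             assumptions made for illustration.

```python
import socket
import struct
from collections import defaultdict

ARP_FMT = "!HHBBH6s4s6s4s"  # 28-byte ARP payload for Ethernet/IPv4

def parse_arp(payload):
    """Return (sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return sha.hex(":"), socket.inet_ntoa(spa)

def detect_spoofing(payloads):
    """Alert when an IP's MAC changes or one MAC claims several IPs."""
    baseline = {}                # ip -> first MAC seen (assumed legitimate)
    claimed = defaultdict(set)   # mac -> IPs it has claimed
    alerts = []
    for raw in payloads:
        parsed = parse_arp(raw)
        if parsed is None:
            continue             # malformed or non-IPv4 ARP: ignore
        mac, ip = parsed
        known = baseline.setdefault(ip, mac)
        if known != mac:
            alerts.append(("binding-changed", ip, known, mac))
        if ip not in claimed[mac]:
            claimed[mac].add(ip)
            if len(claimed[mac]) > 1:  # may be legitimate (proxy ARP): triage
                alerts.append(("multi-ip-mac", mac, tuple(sorted(claimed[mac]))))
    return alerts

def build_reply(smac, sip, tmac, tip):
    """Build a constructed ARP reply payload (sample data, never sent)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2, raw(smac),
                       socket.inet_aton(sip), raw(tmac), socket.inet_aton(tip))

# Constructed sample: C1, C2 and intruder I from the procedure above.
C1, C2, I = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"
SAMPLE = [
    build_reply(C1, "10.0.0.11", C2, "10.0.0.12"),  # genuine C1
    build_reply(C2, "10.0.0.12", C1, "10.0.0.11"),  # genuine C2
    build_reply(I, "10.0.0.12", C1, "10.0.0.11"),   # step 1: C2's IP, I's MAC
    build_reply(I, "10.0.0.11", C2, "10.0.0.12"),   # step 2: C1's IP, I's MAC
]
```

                 Run over the constructed sample, the detector reports a changed binding for each
             client's IP address and then one MAC address claiming both IP addresses.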
                 Another vulnerability of most switches is that they can be configured by a
             standard Telnet session. If the network from which the Telnet session originated is
             sniffed, passwords for the switch can be easily obtained, because they are sent in
             cleartext. Some newer switches allow a secure session to be made for configuring
             the switch. This secure session is made by using SSH instead of Telnet to connect to
             the router. All communication between the client and the router is encrypted when
             using SSH. Also, with both older and newer switches, configuration can be
             performed via a console connection to the switch so that no configuration data goes
             across the network. This is the most secure method of configuring switches, but
             most network administrators find it inconvenient. SSH provides both security and
             convenience on switches.

             Wireless

             Wireless technology is discussed in detail in Chapter 4 of this guide; however, based
             on the Security+ exam objectives, devices related to wireless technology are also




          www.syngress.com