
70     Chapter 2 • General Security Concepts: Attacks

                 Subtle attacks are far more effective than obvious ones. Spoofing has an
             advantage in this respect over a straight vulnerability exploit. The concept of
             spoofing includes pretending to be a trusted source, thereby increasing the
             chances that the attack will go unnoticed.
                 If the attacks use just occasional induced failures as part of their subtlety, users
             will often chalk it up to normal problems that occur all the time. By careful
             application of this technique over time, users’ behavior can often be manipulated.


              EXERCISE 2.01


              ARP SPOOFING
                  Address Resolution Protocol (ARP) spoofing can be quickly and easily
                  done with a variety of tools, most of which are designed to work on
                  UNIX OSes. One of the best all-around suites is a package called dsniff. It
                  contains an ARP spoofing utility and a number of other sniffing tools
                  that can be beneficial when spoofing.
                      To make the most of dsniff you’ll need a Layer 2 switch into which
                  all of your lab machines are plugged. It is also helpful to have various
                  other machines doing routine activities such as Web surfing, checking
                  post office protocol (POP) mail, or using Instant Messenger software.
                      1. To run dsniff for this exercise, you will need a UNIX-based
                         machine. To download the package and to check compatibility,
                         visit the dsniff Web site at www.monkey.org/~dugsong/dsniff.
                      2. After you’ve downloaded and installed the software, you will see
                         a utility called arpspoof. This is the tool that we’ll be using to
                         impersonate the gateway host. The gateway is the host that
                         routes the traffic to other networks.
                      3. You’ll also need to make sure that IP forwarding is turned on in
                         your kernel. If you’re using *BSD UNIX, you can enable this with
                         the sysctl command (sysctl -w net.inet.ip.forwarding=1). After
                         this has been done, you should be ready to spoof the gateway.
                      4. arpspoof is a really flexible tool. It will allow you to poison the
                         ARP of the entire local area network (LAN), or target a single
                         host. Poisoning is the act of tricking the other computers into
                         thinking you are another host. The usage is as follows:
                      home# arpspoof -i fxp0 10.10.0.1
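
To see what this poisoning looks like from a victim's side in the lab, the following added example (not part of the book's exercise or of dsniff) compares two ARP cache snapshots and flags the gateway address resolving to a new MAC and one MAC answering for several IPs. The input is assumed to be shaped like BSD `arp -an` output; the MAC addresses, the host 10.10.0.20 and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Lines shaped like BSD `arp -an` output: "? (IP) at MAC on IFACE ..." (assumed format).
ARP_LINE = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})\b")

def normalize_mac(mac):
    """Lower-case and zero-pad each octet so 2:0:... compares equal to 02:00:..."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp_table(text):
    """Return {ip: mac}; unresolved "(incomplete)" entries do not match and are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group(1)] = normalize_mac(m.group(2))
    return table

def find_poisoning(baseline, current, gateway_ip):
    """Compare a known-good ARP snapshot with a later one and list anomalies."""
    findings = []
    for ip, mac in current.items():
        old = baseline.get(ip)
        if old and old != mac:  # an IP now resolves to a different MAC
            kind = "GATEWAY_MAC_CHANGED" if ip == gateway_ip else "MAC_CHANGED"
            findings.append((kind, ip, old, mac))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():  # one MAC answering for several IPs
        if len(ips) > 1:
            findings.append(("MAC_CLAIMS_MULTIPLE_IPS", mac, sorted(ips)))
    return findings

# Constructed sample snapshots (hypothetical MACs, not captured from a real network).
BASELINE = """\
? (10.10.0.1) at 02:00:00:00:01:01 on fxp0 [ethernet]
? (10.10.0.20) at 02:00:00:00:00:14 on fxp0 [ethernet]
? (10.10.0.30) at (incomplete) on fxp0 [ethernet]
"""
AFTER = """\
? (10.10.0.1) at 2:0:0:0:0:14 on fxp0 [ethernet]
? (10.10.0.20) at 02:00:00:00:00:14 on fxp0 [ethernet]
"""

if __name__ == "__main__":
    for f in find_poisoning(parse_arp_table(BASELINE), parse_arp_table(AFTER), "10.10.0.1"):
        print(f)
```

Taking the baseline snapshot before step 4 and the second one afterwards on a lab victim shows both findings at once, since the spoofing host's MAC then appears for its own address and for the gateway.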





          www.syngress.com