| Subject: Spoofing |
Author:
Colonel Angus
|
[
Next Thread |
Previous Thread |
Next Message |
Previous Message
]
Date Posted: 00:36:16 01/08/06 Sun
In reply to:
asdf
's message, "Re: Congrats" on 02:40:13 12/22/05 Thu
ARP spoofing, also known as ARP poisoning, is a technique used to attack an Ethernet network which may allow an attacker to sniff data frames on a switched local area network (LAN) or stop the traffic altogether (known as a denial of service attack).
The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack).
Using IPv6, IPsec or static ARP records can be effective methods of defence against ARP spoofing attacks. There are also certain tools available that watch the local ARP cache and report to the administrator if anything unusual happens.
Protocol spoofing is used in data communications to improve performance in situations where an existing protocol is inadequate, for example due to long delays or high error rates.
Note: In a computer security context, spoofing refers to various forms of falsification of data. The spoofing techniques discussed here are legitimately used to improve performance, not to attack systems.
Spoofing techniques
In most applications of protocol spoofing, a communications device such as a modem or router simulates ("spoofs") the remote endpoint of a connection to a locally attached host, while using a more appropriate protocol to communicate with a compatible remote device that performs the equivalent spoof at the other end of the communications link.
UUCP spoofing
The UUCP "g" protocol performs badly when used over links with highly asymmetric transfer speeds. Modems like Trailblazer or Multitech products simulate the remote endpoint to the local host in order to avoid slow high/low speed direction changeovers.
TCP spoofing
TCP connections may suffer from performance limitations due to insufficient window size for links with high bandwidth x delay product, and on long-delay links such as those over GEO satellites, TCP's slow-start algorithm significantly delays connection startup. A spoofing router terminates the TCP connection locally and uses protocols tailored to long delays over the satellite link.
RIP/SAP spoofing
SAP and RIP periodically broadcast network information even if routing/service tables are unchanged. dial-on-demand WAN links in IPX networks therefore never become idle and won't disconnect. A spoofing router or modem will intercept the SAP and RIP broadcasts, and re-broadcast the advertisements from its own routing/service table that it only updates when the link is active for other reasons.
[
Next Thread |
Previous Thread |
Next Message |
Previous Message
]
| |
Feedback: 