CISSP® Official Study Guide, Eighth Edition
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Impersonation/Masquerading
Impersonation, or masquerading, is the act of pretending to be someone or something you are not to gain unauthorized access to a system. This usually implies that authentication credentials have been stolen or falsified in order to satisfy (i.e., successfully bypass) authentication mechanisms. This is different from spoofing, where an entity puts forth a false identity but without any proof (such as falsely using an IP address, MAC address, email address, system name, domain name, etc.). Impersonation is often possible through the capture of usernames and passwords or of session setup procedures for network services.


Some solutions to prevent impersonation are using onetime pads and token authentication systems, using Kerberos, and using encryption to increase the difficulty of extracting authentication credentials from network traffic.
Replay Attacks
Replay attacks are an offshoot of impersonation attacks and are made possible through capturing network traffic via eavesdropping. Replay attacks attempt to reestablish a communication session by replaying captured traffic against a system. You can prevent them by using onetime authentication mechanisms and sequenced session identification.
Modification Attacks
In modification attacks, captured packets are altered and then played against a system. Modified packets are designed to bypass the restrictions of improved authentication mechanisms and session sequencing. Countermeasures to modification replay attacks include using digital signature verifications and packet checksum verification.
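The two countermeasures just described, sequenced session identification against replay and a per-packet integrity check against modification, shown together in one receiver. This is an added example and not text or code from the study guide: it uses an HMAC-SHA256 tag over a sequence number and payload as a stand-in for the digital signature or checksum the text mentions, and the shared key, frame layout and the `Receiver` class are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

# Constructed shared secret for the demo; a real deployment derives per-session keys.
SHARED_KEY = b"constructed-demo-key-not-for-production"

TAG_LEN = 32  # HMAC-SHA256 output size


def build_message(key: bytes, seq: int, payload: bytes) -> bytes:
    """Frame = 4-byte big-endian sequence number | payload | 32-byte HMAC-SHA256 tag.

    The tag covers both the sequence number and the payload, so an eavesdropper
    can neither alter the payload nor re-stamp an old frame with a fresh counter
    without invalidating the tag.
    """
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Checks integrity (against modification) and freshness (against replay)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        """Return (True, payload) for a fresh, intact frame, else (False, reason)."""
        if len(frame) < 4 + TAG_LEN:
            return (False, "truncated")
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison so a forger learns nothing from timing.
        if not hmac.compare_digest(tag, expected):
            return (False, "bad tag")  # modified, forged, or wrong key
        (seq,) = struct.unpack(">I", header)
        # Integrity is verified first, so the sequence number itself is trusted here.
        if seq <= self.last_seq:
            return (False, "replayed")  # stale or duplicated frame
        self.last_seq = seq
        return (True, payload)


def demo():
    """Walk a receiver through a genuine frame, its replay, and a tampered frame."""
    rx = Receiver(SHARED_KEY)
    results = []
    m1 = build_message(SHARED_KEY, 1, b"transfer 10")
    results.append(rx.accept(m1)[0])  # True: fresh and intact
    results.append(rx.accept(m1)[0])  # False: exact replay of an accepted frame
    m2 = build_message(SHARED_KEY, 2, b"transfer 10")
    # Same-length payload substitution keeps the framing valid but breaks the tag.
    tampered = m2[:4] + b"transfer 99" + m2[-TAG_LEN:]
    results.append(rx.accept(tampered)[0])  # False: bad tag
    results.append(rx.accept(m2)[0])  # True: the unmodified frame is still good
    return results


if __name__ == "__main__":
    print(demo())
```

A strictly increasing counter is the simplest form of "sequenced session identification"; where frames may legitimately arrive out of order, a sliding replay window over recent sequence numbers replaces the single `last_seq`, but the rule that integrity is verified before the counter is consulted stays the same.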
Address Resolution Protocol Spoofing 
The Address Resolution Protocol (ARP) is a subprotocol of the TCP/IP protocol suite and 
operates at the Data Link layer (layer 2). ARP is used to discover the MAC address of a 
system by polling using its IP address. ARP functions by broadcasting a request packet with 
the target IP address. The system with that IP address (or some other system that already 
has an ARP mapping for it) will reply with the associated MAC address. The discovered 
IP-to-MAC mapping is stored in the ARP cache and is used to direct packets. 
If you find the idea of misdirecting traffic through the abuse of the ARP 
system interesting, then consider experimenting with attacking tools that 
perform this function. Some of the well-known tools for performing ARP 
spoofing attacks include Ettercap, Cain & Abel, and arpspoof. Using these 
tools in combination with a network sniffer (so you can watch the results) 
will give you great insight into this form of network attack. However, as 
always, perform these activities only on networks where you have proper 
approval; otherwise, your attacker activities could land you in legal trouble.
ARP mappings can be attacked through spoofing. ARP spoofing provides false MAC addresses for requested IP-addressed systems to redirect traffic to alternate destinations. ARP attacks are often an element in man-in-the-middle attacks. Such attacks involve an intruder’s system spoofing its MAC address against the destination’s IP address into the source’s ARP cache. All packets received from the source system are inspected and then forwarded to the actual intended destination system. You can take measures to fight ARP attacks, such as defining static ARP mappings for critical systems, monitoring ARP caches for MAC-to-IP-address mappings, or using an IDS to detect anomalies in system traffic and changes in ARP traffic.
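The monitoring countermeasures named above, static mappings for critical systems plus watching for changes in IP-to-MAC pairings, as a small audit over observed ARP replies. This is an added example, not code from the study guide; the reply records, the static mapping table, the `proxy_arp_allowlist` parameter and the alert names are all constructed for the demonstration, and the allowlist exists because a router doing proxy ARP legitimately answers for several IP addresses and would otherwise trip the multiple-IP rule.

```python
from collections import defaultdict

# Constructed sample of ARP replies as a monitor might log them: (timestamp, ip, mac).
# The gateway 10.0.0.1 is first seen from one MAC and later from a different one,
# which then also starts answering for 10.0.0.20.
SAMPLE_ARP_REPLIES = [
    ("10:00:01", "10.0.0.1", "aa:bb:cc:00:00:01"),
    ("10:00:02", "10.0.0.20", "aa:bb:cc:00:00:20"),
    ("10:00:03", "10.0.0.21", "aa:bb:cc:00:00:21"),
    ("10:00:09", "10.0.0.1", "de:ad:be:ef:00:99"),   # gateway MAC changes
    ("10:00:10", "10.0.0.20", "de:ad:be:ef:00:99"),  # same MAC now claims .20 too
]

# Constructed static mappings for critical systems (the text's first countermeasure).
STATIC_MAPPINGS = {"10.0.0.1": "aa:bb:cc:00:00:01"}


def normalize_mac(mac: str) -> str:
    """Lower-case and strip so 'AA:BB:..' and 'aa:bb:..' compare equal."""
    return mac.strip().lower()


def audit_arp_replies(replies, static_mappings=None, proxy_arp_allowlist=()):
    """Return a list of (timestamp, alert_kind, subject, detail) tuples.

    Three checks, all from the countermeasures the text lists:
      static-mismatch         a critical IP answered by a MAC other than its static one
      mapping-changed         a learned IP-to-MAC pairing changed during the run
      mac-claims-multiple-ips one MAC answering for more than one IP (unless allowlisted)
    """
    static = {ip: normalize_mac(m) for ip, m in (static_mappings or {}).items()}
    allow = {normalize_mac(m) for m in proxy_arp_allowlist}
    learned = {}                       # ip -> most recently seen mac
    ips_by_mac = defaultdict(set)      # mac -> set of ips it has answered for
    alerts = []

    for ts, ip, raw_mac in replies:
        mac = normalize_mac(raw_mac)

        if ip in static and mac != static[ip]:
            alerts.append((ts, "static-mismatch", ip, mac))

        prev = learned.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ts, "mapping-changed", ip, f"{prev}->{mac}"))
        learned[ip] = mac

        # Only alert when this MAC gains a *new* IP, so a chatty host does not
        # generate one alert per reply.
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1 and mac not in allow:
                alerts.append((ts, "mac-claims-multiple-ips", mac,
                               sorted(ips_by_mac[mac])))

    return alerts


if __name__ == "__main__":
    for alert in audit_arp_replies(SAMPLE_ARP_REPLIES, STATIC_MAPPINGS):
        print(alert)
```

On the constructed sample the audit raises four alerts: the static mismatch and the mapping change for the gateway at 10:00:09, then the mapping change for 10.0.0.20 and the multiple-IP claim for the new MAC at 10:00:10. Feeding the same records with the new MAC allowlisted as a proxy-ARP router drops the last alert, which is the kind of tuning an IDS rule for ARP anomalies needs before it is useful on a real segment.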