﻿1
00:00:01,520 --> 00:00:09,020
An ARP spoof is performed by replying to an ARP request before the real owner of the IP address.

2
00:00:09,980 --> 00:00:15,950
Because of the lack of authentication mechanisms in the ARP protocol, you're able to set yourself as the

3
00:00:15,950 --> 00:00:19,160
owner of the IP in the source machine's ARP table.

4
00:00:20,160 --> 00:00:25,020
OK, do you understand the ARP spoof or ARP cache poisoning attack?

5
00:00:25,650 --> 00:00:29,130
Let's remember the ARP protocol and its principles once again.

6
00:00:30,080 --> 00:00:37,340
Address Resolution Protocol (ARP) is a network layer protocol used for mapping a network address such

7
00:00:37,340 --> 00:00:41,960
as an IPv4 address to a physical address such as a MAC address.

8
00:00:42,990 --> 00:00:50,640
To simulate how the ARP mechanism works, we have a small network in the slide, a switch on top and

9
00:00:50,640 --> 00:00:52,230
three computers connected to it.

10
00:00:52,780 --> 00:00:54,990
Computer A wants to talk to computer C.

11
00:00:56,600 --> 00:01:02,540
It puts an ARP request onto the wire, which happens to be broadcast. Essentially, what it's saying

12
00:01:02,540 --> 00:01:05,780
is, who has computer C's MAC address?

13
00:01:06,990 --> 00:01:11,160
Of course, because it's a broadcast, every system on the network hears it.

14
00:01:12,140 --> 00:01:18,680
Does everybody respond? Well, what happens is that B hears that A is looking for the MAC address of

15
00:01:18,680 --> 00:01:19,580
computer C.

16
00:01:20,880 --> 00:01:26,610
B knows that it's not computer C and therefore does not respond to the broadcast.

17
00:01:27,710 --> 00:01:35,300
The broadcast, the ARP request, goes out to every system, but the only system that will reply is computer

18
00:01:35,300 --> 00:01:37,360
C, with an ARP reply.

19
00:01:38,360 --> 00:01:44,570
In other words, computer A says, who has the MAC address of computer C? And although all the workstations

20
00:01:44,570 --> 00:01:51,470
hear the question, only C replies and says, I've got the MAC address of computer C and this is what

21
00:01:51,470 --> 00:01:51,950
it is.

22
00:01:52,640 --> 00:01:56,270
So the ARP reply sends back the MAC address to computer A.

23
00:01:57,140 --> 00:02:01,070
And each of these machines starts building an ARP table.

24
00:02:02,110 --> 00:02:08,680
This is how ARP requests and responses look in Wireshark. The first packet is an ARP request.

25
00:02:09,220 --> 00:02:18,490
As you see, it is broadcast, and the second packet is an ARP reply. The owner of the IP two zero seven

26
00:02:18,490 --> 00:02:20,110
answers with its MAC address.

27
00:02:20,830 --> 00:02:28,480
As you see, the ARP request is broadcast throughout the network and the first reply is trusted and accepted.

28
00:02:30,240 --> 00:02:34,890
OK, so we have already seen the routine of the ARP protocol.

29
00:02:35,780 --> 00:02:38,160
A computer sends an ARP request.

30
00:02:39,020 --> 00:02:40,640
The request is broadcast.

31
00:02:42,090 --> 00:02:47,730
The owner of the IP replies with an ARP reply and both sides update their ARP tables.

32
00:02:48,770 --> 00:02:51,020
Now we have an attacker in the network.

33
00:02:52,360 --> 00:03:00,790
OK, so this is how the ARP spoof attack works. Computer A wants to talk to computer C. If the MAC

34
00:03:00,790 --> 00:03:04,500
address of computer C is not in the ARP table of computer A,

35
00:03:05,380 --> 00:03:09,880
it puts an ARP request onto the wire, which happens to be broadcast.

36
00:03:10,890 --> 00:03:15,610
This is a point where all the computers on the network get the ARP request.

37
00:03:17,120 --> 00:03:23,450
So although it's not his IP address, the attacker replies to the ARP request before the real owner.

38
00:03:24,440 --> 00:03:29,630
In this ARP reply, the attacker puts his own MAC address corresponding to the target IP address.

39
00:03:31,320 --> 00:03:38,700
Computer A receives the ARP reply and stores the address pair in its ARP table, and communication takes

40
00:03:38,700 --> 00:03:39,090
place.

