Cyber Threats

ARP poisoning

Address Resolution Protocol (ARP) spoofing, also referred to as ARP flooding, ARP poisoning or ARP poison routing, is a technique used to attack a wired or wireless Ethernet network. It may allow the attacker to undertake packet sniffing. In the case of email, the attacker will sniff the traffic sent by one host to another host on the network (Tan Ruighaver 2005).

In the normal operation of ARP, hosts broadcast IP address and MAC address information. When a host wants to send information to a certain host, it sends a broadcast asking who has a certain IP address. The host with that IP address replies to the request with the correct IP address and MAC address. This communication happens with a lot of gullibility (Salomon Cassat 2003), because ARP does not have authentication: neither the reply nor the host which claims to have the said IP address and MAC address is authenticated. The replying host is simply taken to be correct. ARP also has no mechanism for correcting the information that it gets from the hosts communicating in the network (Salomon Cassat 2003).

Since there is no authentication of ARP requests and replies, the attacker can insert a wrong IP address into a computer's cache. The ARP request will then be fed the wrong IP address. This is called ARP poisoning: the ARP table has been poisoned with wrong information. The attacker manages to lie to the machines and to the people in the network (Russell Gangemi 2011). These attacks let the attacker see what is taking place between the two parties. When the parties communicate, the attacker gets the packets and obtains the email password of either party or of both. The attacker can then use the passwords to undertake attacks (Peltier 2005).
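One way a defender can spot the poisoned cache entries described above, as an added example that is not part of the original essay: the monitor below parses raw ARP payloads and flags a reply that nobody requested and an IP address that moves to a different MAC address. The ArpWatch class, the arp helper and the sample frames (documentation addresses in 192.0.2.0/24, locally administered MACs) are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def parse_arp(payload: bytes):
    """Parse a 28-byte Ethernet/IPv4 ARP payload into (oper, sender MAC, sender IP, target IP)."""
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return oper, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

class ArpWatch:
    """Hypothetical monitor: trusts the first MAC seen for an IP and reports conflicts."""
    def __init__(self):
        self.bindings = {}    # IP -> first MAC observed for it
        self.pending = set()  # (requester IP, requested IP) still awaiting a reply

    def observe(self, payload: bytes):
        oper, mac, src_ip, dst_ip = parse_arp(payload)
        alerts = []
        if oper == 1:                       # request: src_ip asks who has dst_ip
            self.pending.add((src_ip, dst_ip))
        elif oper == 2:                     # reply: src_ip claims to be at mac
            if (dst_ip, src_ip) not in self.pending:
                alerts.append(f"unsolicited reply: {src_ip} is-at {mac}")
            self.pending.discard((dst_ip, src_ip))
        known = self.bindings.setdefault(src_ip, mac)
        if known != mac:                    # same IP now claimed by a different MAC
            alerts.append(f"binding change: {src_ip} {known} -> {mac}")
        return alerts

def arp(oper, sha, spa, tpa, tha="00:00:00:00:00:00"):
    """Build a constructed ARP payload for the sample traffic (never sent anywhere)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                       IPv4Address(spa).packed, mac(tha), IPv4Address(tpa).packed)

# Constructed sample: a request, the genuine reply, then a conflicting reply.
SAMPLE = [
    arp(1, "02:00:00:00:00:0a", "192.0.2.10", "192.0.2.1"),
    arp(2, "02:00:00:00:00:01", "192.0.2.1", "192.0.2.10", tha="02:00:00:00:00:0a"),
    arp(2, "02:00:00:00:00:66", "192.0.2.1", "192.0.2.10", tha="02:00:00:00:00:0a"),
]

def run_sample():
    watch = ArpWatch()
    return [watch.observe(p) for p in SAMPLE]

if __name__ == "__main__":
    for alerts in run_sample():
        print(alerts)
```

Unsolicited replies also occur legitimately as gratuitous ARP, so that alert is a signal to investigate rather than proof of poisoning.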
The possibility for an IP address to be associated with any given MAC address is another loophole for attacks. Attackers are able to undertake many forms of attack against the unsuspecting users and hosts in the network. In this state, other forms of network attack can be experienced. Common ones include man-in-the-middle attacks, MAC flooding, and denial of service attacks (Orebaugh, Ramirez Beale 2007).

Man-in-the-middle attacks

This is an attack which is common in local area networks. It is a form of active and aggressive eavesdropping in which the attacker creates independent connections with the communicating parties and poses as each party to the other. In the end, the communicating parties think that they are having a private communication, yet in reality the communication is being controlled by the attacker (Neumann 2006).

A hacker can make use of ARP spoofing/poisoning to attack the communication between communicating parties. This can simply be undertaken by having the attacker send an ARP reply to a router. The router could be communicating with computer A. The router will send information regarding its IP address and MAC address, thinking that the requesting agent is computer A. After getting this information, the attacker will also send an ARP reply to machine A. Machine A will respond to the reply, thinking that the machine is a router, and will then send information to the attacker. After getting the IP and MAC address, the attacker will then use the operating system feature that is referred to as IP forwarding. This feature will