1
00:00:01,530 --> 00:00:03,810
An ARP spoof is performed by

2
00:00:04,050 --> 00:00:08,970
replying to an ARP request before the real owner of the IP address.

3
00:00:10,010 --> 00:00:15,890
Because of the lack of authentication mechanisms in the ARP protocol, you're able to set yourself as the

4
00:00:15,890 --> 00:00:19,130
owner of the IP in the source machine's ARP table.

5
00:00:20,160 --> 00:00:20,460
OK.

6
00:00:21,000 --> 00:00:28,020
To understand the ARP spoof or ARP cache poisoning attack, let's remember the ARP protocol and its

7
00:00:28,020 --> 00:00:29,100
principles once again.

8
00:00:30,070 --> 00:00:37,300
Address Resolution Protocol, ARP, is a network layer protocol used for mapping a network address, such

9
00:00:37,300 --> 00:00:41,920
as an IPv4 address, to a physical address, such as a MAC address.

10
00:00:42,960 --> 00:00:50,610
To simulate how the ARP mechanism works, we have a small network in the slide, a switch on top and

11
00:00:50,610 --> 00:00:54,960
three computers connected to it. Computer A wants to talk to computer C.

12
00:00:56,610 --> 00:01:00,540
It puts an ARP request onto the wire, which happens to be broadcast.

13
00:01:01,440 --> 00:01:05,730
Essentially, what it's saying is: who has computer C's MAC address?

14
00:01:06,930 --> 00:01:11,100
Of course, because it's a broadcast, every system on the network hears it.

15
00:01:12,100 --> 00:01:13,270
Does everybody respond?

16
00:01:13,990 --> 00:01:19,540
Well, what happens is that B hears that A is looking for the MAC address of computer C.

17
00:01:20,860 --> 00:01:26,530
B knows that it's not computer C and therefore does not respond to the broadcast.

18
00:01:27,680 --> 00:01:35,240
The broadcast, the ARP request, goes out to every system, but the only system that will reply is computer

19
00:01:35,240 --> 00:01:37,340
C, with an ARP reply.

20
00:01:38,360 --> 00:01:43,790
In other words, computer A says, who has the MAC address of computer C? And although all the

21
00:01:43,790 --> 00:01:49,700
workstations hear the question, only C replies and says, I've got the MAC address of computer

22
00:01:49,700 --> 00:01:51,890
C, and this is what it is.

23
00:01:52,640 --> 00:01:53,180
So the ARP

24
00:01:53,240 --> 00:01:56,240
reply sends back the MAC address to computer A.

25
00:01:57,110 --> 00:02:01,040
And each of these machines starts building an ARP table.

26
00:02:02,110 --> 00:02:09,430
This is how ARP requests and responses look in Wireshark. The first packet is an ARP request; as

27
00:02:09,430 --> 00:02:11,320
you see, it is broadcast.

28
00:02:12,430 --> 00:02:14,980
And the second packet is an ARP reply.

29
00:02:16,120 --> 00:02:21,460
The owner of the IP two zero seven answers with its MAC address, as you see.

30
00:02:21,910 --> 00:02:28,450
The ARP request is broadcast throughout the network, and the first reply is trusted and accepted.

31
00:02:30,280 --> 00:02:34,870
OK, so we have already seen the routine of the ARP protocol.

32
00:02:35,950 --> 00:02:40,570
A computer sends an ARP request. The request is broadcast.

33
00:02:42,100 --> 00:02:47,680
The owner of the IP replies with an ARP reply and both sides update their ARP tables.

34
00:02:48,740 --> 00:02:50,930
Now we have an attacker in the network.

35
00:02:52,380 --> 00:03:00,540
OK, so this is how the ARP spoof attack works. Computer A wants to talk to computer C. If the

36
00:03:00,540 --> 00:03:04,290
MAC address of computer C is not in the ARP table of computer A,

37
00:03:05,370 --> 00:03:09,840
it puts an ARP request onto the wire, which happens to be broadcast.

38
00:03:10,890 --> 00:03:15,570
This is a point where all the computers on the network get the ARP request.

39
00:03:17,070 --> 00:03:23,400
So although it's not his IP address, the attacker replies to the ARP request before the real owner.

40
00:03:24,440 --> 00:03:29,570
And in this ARP reply, the attacker puts his own MAC address corresponding to the target IP address.

41
00:03:31,270 --> 00:03:38,650
Computer A receives the ARP reply and stores the address pair in its ARP table, and communication takes

42
00:03:38,650 --> 00:03:39,040
place.