ARP Vulnerabilities - Indefensible Local Network Attacks
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the vulnerabilities of Address Resolution Protocol (ARP) and their potential for indefensible local network attacks in this Black Hat USA 2001 conference talk. Delve into ARP message formats, including request and reply messages, and examine various attack types such as sniffing on hubs and switches, host-to-host exploits, and router exploits. Learn about session hijacking, man-in-the-middle attacks, and denial of service techniques. Investigate countermeasures like session encryption, strong authentication, and port security. Discuss operating system vulnerabilities, firewall considerations, and IDS architecture issues. Gain insights into OS-level detection methods and hypothetical detection applications. Review public domain tools and a comprehensive bibliography before concluding with a demonstration of the discussed concepts in a practical environment.
Syllabus
Intro
Overview
ARP Message Formats
ARP Request Message
ARP Reply Message
Unsolicited ARP Reply
Types of Attack
Sniffing on a Hub
Switch Sniffing
Host to Host Exploit
Host to Router Exploit
Relay Configuration Attacker
Relay Configuration (cont.)
Sniffing Comments
Session Hijacking/MiM
Denial of Service
DOS MAC Entries Attacker
Web Surfing
Network-based IDS
Hostile Users
Switch Attacks (cont.)
Network "Bombs"
Operating Systems
Not Vulnerable
Firewalls
Session Encryption
Strong Authentication
Port Security (Cont.)
Hard Coding Addresses
Hard Coding Results
Countermeasure Summary
IDS Architecture Issues
OS Level Detection
Hypothetical Detection Application
Public Domain Tools
Bibliography
Demo Environment
Taught by
Black Hat