1
00:00:01,500 --> 00:00:09,000
An ARP spoof is performed by replying to an ARP request before the real owner of the IP address.

2
00:00:09,980 --> 00:00:15,920
Because of the lack of authentication mechanisms in the ARP protocol, you're able to set yourself as the

3
00:00:15,920 --> 00:00:19,130
owner of the IP in the source machine's ARP table.

4
00:00:20,130 --> 00:00:24,990
OK, do you understand the ARP spoof or ARP cache poisoning attack?

5
00:00:25,620 --> 00:00:29,100
Let's remember the ARP protocol and its principles once again.

6
00:00:30,040 --> 00:00:37,300
Address Resolution Protocol (ARP) is a network layer protocol used for mapping a network address such

7
00:00:37,300 --> 00:00:41,950
as an IPv4 address to a physical address such as a MAC address.

8
00:00:42,990 --> 00:00:50,610
To simulate how the ARP mechanism works, we have a small network in the slide, a switch on top and

9
00:00:50,610 --> 00:00:52,200
three computers connected to it.

10
00:00:52,770 --> 00:00:54,960
Computer A wants to talk to computer C.

11
00:00:56,580 --> 00:01:02,520
It puts an ARP request onto the wire, which happens to be broadcast. Essentially, what it's saying

12
00:01:02,520 --> 00:01:05,760
is: who has computer C's MAC address?

13
00:01:06,960 --> 00:01:11,130
Of course, because it's a broadcast, every system on the network hears it.

14
00:01:12,100 --> 00:01:18,670
Does everybody respond? Well, what happens is that B hears that A is looking for the MAC address of

15
00:01:18,670 --> 00:01:19,570
computer C.

16
00:01:20,860 --> 00:01:26,560
B knows that it's not computer C and therefore does not respond to the broadcast.

17
00:01:27,680 --> 00:01:35,270
The broadcast, the request goes out to every system, but the only system that will reply is computer

18
00:01:35,270 --> 00:01:37,340
C with an ARP reply.

19
00:01:38,330 --> 00:01:44,570
In other words, computer A says, who has the MAC address of computer C, and although all the workstations

20
00:01:44,570 --> 00:01:51,440
hear the question, only C replies and says, I've got the MAC address of computer C and this is what

21
00:01:51,440 --> 00:01:51,940
it is.

22
00:01:52,610 --> 00:02:00,020
So the ARP reply sends back the MAC address to computer A, and each of these machines starts building

23
00:02:00,170 --> 00:02:01,040
an ARP table.

24
00:02:02,110 --> 00:02:08,680
This is how ARP requests and responses look in Wireshark. The first packet is an ARP request.

25
00:02:09,190 --> 00:02:18,460
As you see, it is broadcast, and the second packet is an ARP reply. The owner of the IP two zero seven

26
00:02:18,460 --> 00:02:20,080
answers with its MAC address.

27
00:02:20,800 --> 00:02:28,480
As you see, the ARP request is broadcast throughout the network and the first reply is trusted and accepted.

28
00:02:30,220 --> 00:02:34,870
OK, so we have already seen the routine of the ARP protocol.

29
00:02:35,820 --> 00:02:40,630
A computer sends an ARP request. The request is broadcast.

30
00:02:42,070 --> 00:02:47,710
The owner of the IP replies with an ARP reply and both sides update their ARP tables.

31
00:02:48,740 --> 00:02:50,990
Now we have an attacker in the network.

32
00:02:52,350 --> 00:03:00,570
OK, so this is how the ARP spoof attack works. Computer A wants to talk to computer C. If the

33
00:03:00,570 --> 00:03:04,380
MAC address of computer C is not in the ARP table of computer A,

34
00:03:05,340 --> 00:03:09,840
it puts an ARP request into the wire, which happens to be broadcast.

35
00:03:10,860 --> 00:03:15,570
This is a point where all the computers on the network get the ARP request.

36
00:03:17,070 --> 00:03:23,430
So although it's not his IP address, the attacker replies to the ARP request before the real owner.

37
00:03:24,410 --> 00:03:29,600
In this ARP reply, the attacker puts his own MAC address corresponding to the target IP address.

38
00:03:31,300 --> 00:03:38,680
Computer A receives the ARP reply and stores the address pair in its ARP table, and communication takes

39
00:03:38,680 --> 00:03:39,070
place.