Mike Beekey ARP Vulnerabilities Indefensible Local Network Attacks

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=hKfmkKWz8wM


Duration: 1:03:01
9 views
1

Mike Beekey, Senior Manager - Deloitte & Touche
ARP Vulnerabilities: Indefensible Local Network Attacks?

ARP may be one of the most used, but least respected protocol allowing two devices to establish communications with each other across a network. Unfortunately, even with its critical role of mapping the logical address to physical address, ARP is inherently susceptible to a variety of spoofing attacks within local subnets. While there have been discussions surrounding this issue and tools written to take advantage of these features, its potential to cause nearly indefensible denial of service attacks with minimal effort, appears to still be understood by only a few.

This presentation assumes some familiarity with ARP and will only briefly review the basics. We will discuss the vulnerabilities and a variety of common attack tactics, such as turning your expensive network switch into a dumb hub, sniffing, and performing session hijacking. We will then discuss some more unfriendly techniques including preventing individuals from accessing network resources, stopping kiddies from performing network scans, and best or worst of all, bringing all local network connectivity to a complete halt. In addition, we will clear up some prevalent misconceptions about potential defenses and countermeasures, vulnerable systems and devices, and methods for detecting and reacting to these attacks. Lastly, we will discuss and demonstrate testing methods,exploit techniques, and countermeasures using several custom tools.

Mike is a senior manager at Deloitte & Touche and has been working in the computer security area for over eight years. Mike has extensive experience in performing manual penetration and vulnerability testing in a variety of environments. His particular of focus and interest is in network protocols, and ways to manipulate them for various attacks and abuse of network devices and IDS systems. Mike has worked as a consultant for a variety of commercial clients, as well as federal and civilian government agencies.

Black Hat - USA - 2001 Hacking conference
#hacking, #hackers, #infosec, #opsec, #ARP, #LAN



Other Videos By All Hacking Cons


2021-12-25Brian Martin and B K DeLong Lessons Learned From attrition org
2021-12-25Halvar Flake Hit Them Where It Hurts Finding Holes in COTS Software Part 2
2021-12-25Marshall Beddoe and Chris Abad The Siphon Project
2021-12-25Tim Newsham Cracking WEP Keys
2021-12-25Ian Goldberg Breaking 80211 WEP
2021-12-25Bruce Schneier Paradigms Lost Engineering vs Risk Management
2021-12-25Martin Roesch Snort
2021-12-25Chad R Skipper Polymorphism and Intrusion Detection Systems
2021-12-25Chip Andrews SQL Security Revisited
2021-12-25James Bamford Researching Secrets Part II
2021-12-25Mike Beekey ARP Vulnerabilities Indefensible Local Network Attacks
2021-12-25Jay Beale Attacking and Defending BIND DJBDNS DNS Servers
2021-12-25Cory Scott Systems Management in an Untrusted Network
2021-12-25Timothy Mullen Grabbing User Credentials via W2k ODBC Libraries
2021-12-25Palante Top 25 Overlooked Security Configuration on Your Switches and Routers
2021-12-25Jose Nazario The Future of Network Worms
2021-12-25Daji Sanai Promiscuous Node Detection Using ARP Packets
2021-12-24David Litchfield Compromising web Servers and Defensive Techniques
2021-12-24Jericho and Munge Hard Core Web Defacement Statistics Trends and Analysis
2021-12-24Job De Haas Getting Rooted and Never Knowing It
2021-12-24Mark Kadrich Intrusion Detection in High Speed Networks


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
crime
password
code
web
concept
thief
protection
network
scam
fraud
malware
secure
identity
criminal
phishing
software
access
safety
theft
system
firewall
communication
business
privacy
binary
spy
programmer
program
spyware
hacking conference
conference
learn
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Mike Beekey