Otros
Análisis de vulnerabilidades de suplantación en el protocolo tcp/ip e implementación de controles de mitigación.
Fecha
2018Registro en:
Astudillo Pizarro, L.A. (2018) Análisis de vulnerabilidades de suplantación en el protocolo tcp/ip e implementación de controles de mitigación. (examen complexivo). UTMACH, Unidad Académica de Ingeniería Civil, Machala, Ecuador. 33 p.
ECUAIC-2018-IS-DE00002
Autor
Astudillo Pizarro, Luis Alberto
Institución
Resumen
The spoofing attacks in the TCP / IP protocol are those in which the attacker conceals his identity, making the other members of a network believe that it is a known or authorized device. These attacks can occur at various levels of the protocol stack, is the case of MAC address Spoofing at the level of network access, IP spoofing at the Internet level, ARP poisoning which attacks the protocol that links these first two levels, reaching even the top level of the stack, the application level, where the DNS and DHCP protocols can be intercepted by malicious hosts. The purpose of this document is to investigate and prevent such attacks. Its theoretical bases are presented with a brief explanation of each affected protocol, the way in which the attackers can achieve said spoofing, and some of the methods used to mitigate the vulnerabilities that make them possible. The GNS3 software was used to simulate a scenario that consisted of two subnetworks connected through a router, in which the Ettercap tool was used to spoof the ARP and DNS protocols effectively, and Wireshark tool to spy on network traffic. once the attack has been achieved. With this it was possible to demonstrate the threat represented by these attacks, and the need to establish controls, as was done in the final part when the cache arp tables entries from the hosts were changed to static, thus obtaining a more secure and spoofing proof scenario.