Client Attacks: DNS & ARP Poisoning

Summary

Excerpt From wi-fi vulnerabilities part 2 Webinar
This Short Video, Presented by CTO, Dr. Brett Walkenhorst, Wiill Explain Client Attacks: DNS & ARP Poisoning.
CTO, Dr. Brett Walkenhorst, describes the threats of ARP table poisoning and DNS poisoning, showing how hackers can take advantage of trusted positions to alter network data and compromise security. Malicious actors can trick users into visiting fraudulent websites or disclosing private information by intercepting and rerouting data, highlighting the vital necessity of strong cybersecurity defenses to counter such sneaky operations.

Video Transcript

Another type of attack is called DNS poisoning. This is a very common approach for wired attacks as well. But when I'm in a position a trusted position as a person in the middle, I've captured your clients. I'm your access point. You trust me. I'm going to use that position to force you to change your mapping because I'm your gateway to the world.

Right? So I can really influence the way you see the world. I'm gonna change the way you map from domain names to IP addresses because I control that. I'm your gateway. So what you can do is with some with some straightforward tools and commands, you set up domains and spoofed addresses, and you run this thing so that when a client attempts to access that domain through you, you modify their tables and point them to an IP address that's something you control.

And then you got a web server somewhere that is serving up this information, and then you could do whatever you want. Right? I'm pointed here to Amazon. And instead of the Amazon page, I get this page that says, hey. I hacked you. I probably wouldn't do that as a hack as a hacker, but as a proof of concept, you can see this works.

And now I can I can offer you whatever content I want and seek to further compromise you through that controlled position? Similarly, I can poison your ARP tables, which is mapping from MAC addresses to IP addresses on the local network. So you know that you're supposed to try to get access to a certain resource, a a certain MAC address, and you know what the the IP address is.

But as your gateway, I can force you to change that so that you end up going to someone else. And I can sniff all of that and end up cracking credentials or or managing the flow of information in some other way to further compromise you. So similar methodology to the DNS poisoning, in this trusted position, I simply modify the way that you see the world and point you to different resources that you really shouldn't be trusting.