ARP and DoS
Today I had some free time so I was cleaning my desktop and found my reading shelf folder and it had over 70 files to be read, so I started reading. I came across one whitepaper from DEFCON 15, from Jesse D’ Aguanno. It talked about Forging of ARP packets, I kept on reading and when I finished it opened his homepage for the software to download. Unfortunately I didn’t have linux on my laptop and wasn’t able to find some good software for packet injection. Finally I came across Netwox and from there my R&D started. 
- Downloaded the binary & installed it.
- Scanned the LAN and found some MAC addresses.
- Then started injecting some packets.
The end result: I was able to block more than 20 PCs from accessing the internet. What actually happened was I sent ARP Reply packets to the LAN PCs telling them that the gateway 10.0.0.1 had a MAC address ff:00:ff:00:ff:00 which didn’t exist. So whenever they tried to access internet, their packets would be lost.
Accidentally I did this to one of my friends as well, question arised how to make internet accessible to him again? I first asked him to pull out the network cable and try again. But it didn’t work. Then disabled and enabled the network but still no go. Finally he had to restart his PC.
This technique can poision the ARP cache of thousands of PCs in just seconds. I think will study how to stop it tomorrow.
The blocking of internet this way is called DoS Attack i.e., Denial of Service Attack. 
in Computer Security, Gaming Freaks
Tagged with: ARP • defcon 15 • DoS • network • packet forging • penetration • security
Please leave a Comment
If you would like to make a comment, please fill out the form below.
You could have simply flushed his computer’s ARP cache, or deleted and rebuilt the affected arp entry,,