• Journal of Convergence Society for SMB
• /
• v.4 no.1
• /
• pp.47-53
• /
• 2014

DNS spoofing, the DNS server with the address of a specific web server intercepts them in the process of translating the attacker wants to forge a Web server that is a way to access. ARP spoofing ARP request and response messages for the protocol without authentication vorticity incorrect information as to the ARP Cache Table to store the MAC addresses of their vulnerability using the MAC address of the other computer as if it were a lie technique. These DNS / ARP spoofing attacks in detail to find out about how it looks at ways to prevent. Think about the future research directions.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.1
• /
• pp.61-71
• /
• 2017

ARP Spoofing is a basic and core hacking technology for almost all sniffing. It makes change the flow of packets by faking the 2nd layer MAC address. In this paper we suggested an efficient hacking technology for sniffing remote servers in the switched network environment. The suggested 'Faked ARP Reply Unicast Spoofing' makes the bidirectional packets sniffing possible between the client and server, and it makes simplify the procedures for ARP sniffing and hacking program. In this paper we researched the network hacking and implementation technologies based on the suggested ARP spoofing. And we researched various types of servers hacking such as Root ID and PW of Telnet/FTP server, Root ID and PW of MySQL DB server, ID and PW of Web Portal Server, and account information and transaction history of Web Banking Server. And also we researched the implementation techniques of core hacking programs for the ARP Spoofing.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.11 no.6
• /
• pp.93-106
• /
• 2011

In this paper we describe an efficient and easy to use internet stopper, which is called AINS (Automatic Internet Stopper), which uses ARP spoofing scheme. Instead of forwarding packets to router for the case of hacking, in ARP spoofing, the AINS ignores all the packets so that internet stopping operates. The AINS program needs to be installed only in manager computer that does not require additional agent program. In addition to setting manually the stopping computer list, it is able to indentify network nodes automatically by analyzing broadcasting packets. The experimental results show that less than 4 secs for spoofing interval is enough for blocking internet usage regardless the number of computers and therefore network overhead is negligible. The AINS can indentify and control network nodes not only on same subnet but also on different subnet only if they are connected onto same ethernet switch physically. It is being used for an efficient tool for controling internet usage of university computer laboratory and also for an efficient network management.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1565-1568
• /
• 2005

ARP 스푸핑(spoofing) 란 ARP reply message를 동일 서브넷 상의 호스트들에게 보내어 관리자 컴퓨터가 라우터로 믿게 하는 것을 말한다. 스푸핑에 의해 패킷들이 관리자로 보내지는 상황에서 관리자가 그 패킷들을 본래 라우터로 전달하지 않고 폐기한다면 서브넷 상의 호스트들은 인터넷을 사용할 수 없는 상황이 된다. 본 논문에서는 이러한 방법을 이용하여 인터넷 차단기를 구현하였다. 구현된 인터넷 차단기는 대학교 실습실과 같은 공공의 네트워크 환경에서 필요에 의해 인터넷을 잠시 중단시킬 필요가 있는 경우 간단하게 인터넷 사용을 차단할 수 있다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.11
• /
• pp.1451-1461
• /
• 2019

DNS spoofing is an attack in which an attacker intervenes in the communication between client and DNS server to deceive DNS server by responding to a fake IP address rather than actual IP address. It is possible to implement a pharming site that hacks user ID and password by duplicating web server's index page and simple web programming. In this paper we have studied web spoofing attack that combines DNS spoofing and pharming site implementation which leads to farming site. We have studied DNS spoofing attack method, procedure and farming site implementation method for portal server of this university. In the case of Kyungsung Portal, bypassing attack and hacking were possible even though the web server was SSL encrypted and secure authentication. Many web servers do not have security measures, and even web servers secured by SSL can be disabled. So it is necessary that these serious risks are to be informed and countermeasures are to be researched.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.4
• /
• pp.203-210
• /
• 2017

Address resolution protocol (ARP) is used for binding a logical address to a physical address in many network technologies. However, since ARP is an stateless protocol, it always abused for performing ARP-based attacks. Researchers presented many technologies to improve ARP protocol, but most of them require a high implementation cost or scarify the network performance for improving security of ARP protocol. In this paper, we present an address auto-resoultion (AAR) network system to neutralize the ARP-based attacks. The AAR turns off the communication function of ARP messages(e.g. request and reply), but does not disable the ARP table. In our system, the MAC address of destination was designed to be derived from destination IP address so that the ARP table can be managed statically without prior knowledge (e.g., IP and MAC address pairs). In general, the AAR is safe from the ARP-based attacks since it disables the ARP messages and saves network traffics due to so.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.05a
• /
• pp.432-435
• /
• 2011

Hacking 공격자에 대한 수사실무에서는 Proxy Server를 연동한 해외에서의 우회공격에 대한 기법과 기술을 알아야 MAC address 또는 Real IP에 대한 역추적이 가능하다. 즉 Proxy Server를 여러 번 거치면서 자신의 Real IP를 숨기고 ARP Spoofing 기법을 사용하여 MAC address를 속이기 때문이다. 본 논문에서는 해외에서의 해킹 공격자들이 어떻게 공격자의 Real IP를 숨기고, ARP Spoofing 기법을 응용하여 공격을 시도하는 기법과 기술을 연구한다. 또한 Proxy Server를 통한 우회공격에서 ARP Spoofing 공격을 보안하는 방법을 연구한다. 본 논문 연구가 해외로 부터의 Hacking과 방어를 위한 기술 발전에 기여 할 것 이다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.3
• /
• pp.641-648
• /
• 2013

ARP spoofing is a typical Internet attack, in which an attacker sends data by changing his's MAC address with the other's one. Currently, this attack is usually dealt with separating the attacking PCs infected with ARP spoofing virus, by keeping network devices investigating by the network manager. However, this manual process has some limitations in time and accuracy. This paper proposes a new network management system to replace the effort of network manager who has to keep on inspecting the network. Along with designing an ARP analyzer and a disconnection notifier and adding them into the existing network management system, the proposed system provides a basement to identify and notify the PC infected by an ARP spoofing virus with fast and high accuracy. As a result, it is expected to minimize the network break off and to make easy the network management.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1083-1086
• /
• 2004

Switched Network는 Shared Network 에 비해서 스니핑에 안전하다. 하지만 비교우위일뿐 절대적으로 스니핑에 안전한 것은 아니다. 이미 Switched Network 상에서 스니핑을 할 수 있는 공격툴들이 많이 소개되어 있다. 본 논문에서는 Switched Network 상에서 ARP(Address Resolution Protocol) 스푸핑을 통한 ARP 캐시 오염을 통하여 스니핑이 가능한 시나리오를 기술한다. 이러한 시나리오를 탐지하기 위한 기존의 방법은 DHCP와 같은 동적인 환경이 포함된 경우 False Positive 를 자주 발생시키기 때문에 문제가 된다. 여기에서는 이러한 False Positive를 줄인 탐지 방법을 제시하고자 한다.