Tuesday, 9 September 2014

Slow internet = Paranoia

I'm not exactly a network guy. Back in the first year of uni I did a few Cisco certification courses and they bored me to death.

Today while sitting in bed, eating shreddies (I'm definitely one of life's winners :D) my internet started to slow down. I started to think "If someone was to hack into my network would I know about it?" So I started to do some research.

I thought I would start by looking at some basic attacks. Man In The Middle (MITM) was one that I knew of, so I thought I would look into how it actually worked. It's basically ARP spoofing from what I could tell. ARP stands for Address Resolution Protocol; it's the protocol that maps IP addresses to hardware (MAC) addresses. The basic idea can be described by the diagram:

While looking into ARP I started to understand the use of MAC addresses. Each hardware device has a hard-coded MAC address, but this can be "spoofed" in software, so when you send information you can make it look like it's coming from some other hardware. This is used for ethical and non-ethical reasons. If you're going to look into this, I suggest you do it on your own network with your own devices.

I downloaded a tool called ettercap, which helped me test this attack out on my own network. It worked quite well and just goes to show how easy it is when you know how. Needless to say, after this I changed my router password to something stronger, for all the good it will do...

Turns out my network was not compromised; it's just slow and desperately needs an upgrade...

(Note: Did you know that the first three octets of a MAC address identify the manufacturer of the hardware it is assigned to? Seriously, type the first three octets of your MAC address in here.)
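On the "would I know about it?" question, here is an added example (not part of the original post) that checks a machine's ARP table for the usual trace of ARP spoofing: the gateway's IP resolving to a MAC that another host on the LAN also uses, or to a MAC different from one recorded earlier. The table text, the addresses and the baseline MAC are constructed sample values in the layout of Linux's `/proc/net/arp`, and the function names are made up for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Linux /proc/net/arp (not from the post).
# Here the gateway 192.168.1.1 resolves to the same MAC as host 192.168.1.42.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         08:00:27:12:34:56     *        wlan0
192.168.1.23     0x1         0x2         a4:5e:60:aa:bb:cc     *        wlan0
192.168.1.42     0x1         0x2         08:00:27:12:34:56     *        wlan0
192.168.1.50     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def parse_arp_table(text):
    """Return (ip, mac) pairs, skipping the header and incomplete entries."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        # Flags 0x0 means the entry was never resolved; its MAC is all zeros.
        if int(flags, 16) == 0 or not MAC_RE.match(mac):
            continue
        entries.append((ip, mac))
    return entries

def shared_macs(entries):
    """Map each MAC claimed by more than one IP to the sorted IPs claiming it."""
    by_mac = defaultdict(set)
    for ip, mac in entries:
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_changed(entries, gateway_ip, baseline_mac):
    """True if the gateway now resolves to a MAC other than the recorded one."""
    current = dict(entries).get(gateway_ip)
    return current is not None and current != baseline_mac.lower()

def oui(mac):
    """First three octets of a MAC: the manufacturer prefix."""
    return mac.upper()[:8]

if __name__ == "__main__":
    entries = parse_arp_table(SAMPLE_ARP_TABLE)
    for mac, ips in shared_macs(entries).items():
        print(f"MAC {mac} (OUI {oui(mac)}) answers for {', '.join(ips)}")
    # Baseline MAC is a constructed value, recorded while the network was trusted.
    print("gateway changed:", gateway_changed(entries, "192.168.1.1", "00:1a:2b:3c:4d:5e"))
```

One MAC answering for several IPs is not always an attack (a device can legitimately hold more than one address), so the gateway comparison against a known-good baseline is the stronger of the two signals.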

