Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister

ARP spoofing attack ---- Advice Needed

by sagarkha (Acolyte)
on Oct 21, 2010 at 14:08 UTC ( #866558=perlquestion: print w/replies, xml ) Need Help??
sagarkha has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks I have developed a ARP spoofing script in Perl. This script actually corrupts ARP entry of all PC's in a LAN(only one subnet like, also it can corrupt router/L3 device ARP table. I have used it in my Office and the entire department was down, people were thinking that either switch or the firewall has gone down, but the actual reason was that i corrupted their PC's ARP entry through that script.   I dont think it is something unique i have developed and i m sure people must have used in the past, but still I want monks to check it. Now the problem is that if I post my code here, any hacker can use it for wrong purpose and my intensions are not to harm anybody. I have got a lot of experience in Network Admin/Security Admin role but i am new to Perl and Ethical Hacking.

Replies are listed 'Best First'.
Re: ARP spoofing attack ---- Advice Needed
by marto (Bishop) on Oct 21, 2010 at 14:17 UTC

    "I dont think it is something unique i have developed and i m sure people must have used in the past"

    You're right, anyone can google search this topic and find code to do it, even from this site.

    "I have got a lot of experience in Network Admin/Security Admin"

    Let's hope you asked permission before taking the "entire department" down. Why do you want someone to check this? Since you know it works (in the sense it does what you wanted it to do), what advice are you looking for? Help to make your code take down a network faster?

Re: ARP spoofing attack ---- Advice Needed
by talexb (Canon) on Oct 21, 2010 at 16:59 UTC
      I have got a lot of experience in Network Admin/Security Admin role but i am new to Perl and Ethical Hacking.

    So taking the entire department .. down was 'ethical hacking'? I'm not so sure.

    Alex / talexb / Toronto

    "Groklaw is the open-source mentality applied to legal research" ~ Linus Torvalds

Being ethical after screwing up
by pemungkah (Priest) on Oct 22, 2010 at 02:18 UTC
    TL,DR: Ethical hackers apologize and take their lumps when they screw up. You have screwed up.

    The following is advice on digging yourself out of the hole you're in (because you are in one even if you don't think so) from the "getting along at work" POV. No code content.

    I would, were I you, first make sure that you are up-front about your script taking down the entire department. If you just hope that no one will find out - well, maybe they won't this time, or maybe they will and there will be a Explanation Needed. You absolutely do not want to wait for an Explanation Needed moment; you want to go straight to the most closely involved - the system admin, if that's not you, and your supervisor.

    The system admin needs to know because when the network goes down, it's his or her job to find out what happened; you will score a few Honest points for not making him or her spend weeks trying to find the source of the problem. (You have already scored a lot of Idiot points for taking down a production network, but that can't be helped now.) If your sysadmin is sharp, it's possible the ARP spoof will be traced back to you - and if someone else finds out who caused the problem before you own up, it could be a career-limiting event, and possibly a job-terminating one.

    Your boss needs to know because he or she is responsible for your actions, and having you run wild on the network and finding this out from someone else could be a black mark on his or her record - and it is never a good idea to be the person responsible for making your boss look bad (or underinformed).

    You should, right now, or as soon as possible, go and confess - your boss first, and the sysadmin next, possibly with your boss present - the order depends on who you judge to be the most sympathetic. If your boss is likely to stick up for you, see your boss first. If the sysadmin is someone who just wants to know what happened and isn't going to be too angry about it, go to the sysadmin first. You want to make sure that you have the more-supportinve person in your corner when you go to talk to the less-suportive one.

    Tell both of them the truth - that you thought you'd seen a security hole, and wanted to test it, but your test unfortunately actually caused a problem which you hadn't intended or expected (in that the production network went down).

    You are going to have to apologize, and very probably grovel. You are going to have to make it pretty convincing that you really didn't intend to do any damage - and I get the feeling that you didn't, but this did a lot more than you expected - if you want to keep the job you currently have. It's very likely that you're going to lose some privileges; if you don't make it really clear that you realize that this was a dumb thing to do and that you really, really promise never to do anything like it ever again on the work network, you might lose your job.

    If you are the sysadmin responsible for this network, then you need to go to your boss and let him/her know you were testing something and misjudged the impact; you'll set up an isolated test network if you need to try anything like this again (showing that both you know this was dumb and that you won't let it happen again).

    Now speaking to you personally:

    1. Running something that might break security on a live network where people are trying to get their jobs done is a cosmically dumb idea.
    2. Causing damage (and lost time is damage) absolutely is not "ethical".
    3. If you want to hack, you need to do it somewhere it won't break someone uninvolved's computer. Set up an independent netweork and test your code on that. If that's not possible, you have no business messing about with this stuff.
    4. Security researchers (at least the ethical ones) don't just run things to see what they'll do.
    I hope you've learned what this should have taught you: breaking other people's computers is unethical, bad form, dumb, and will get you in trouble.
Re: ARP spoofing attack ---- Advice Needed
by Dru (Hermit) on Oct 21, 2010 at 19:32 UTC
    This is the funniest post I have read in a long time.
Re: ARP spoofing attack ---- Advice Needed
by bluescreen (Friar) on Oct 22, 2010 at 01:03 UTC

    Well he/she said is new to Ethical Hacking. The basic advice I can give you is the ethical definition. Bringing down a network doesn't proves anything. You could easily cross wires of the electric outlet and get exactly the same results, even more effective.

    If you really want to be an ethical hacker notify the possible target, manufacturers and OS developers their vulnerabilities first and help them build a more secure network.

      If you really want to be an ethical hacker notify the possible target, manufacturers and OS developers their vulnerabilities first and help them build a more secure network.

      IANAL, but that sounds like a neat way to land in jail by confessing to the crime. Arp spoofing is as old as arp itself.

        Hello Monks

        Thanks for your suggestions & comments, maybe some of you think this is funniest post but let me tell you my intensions were not wrong, I did it becuase i was not aware wether it will work or not. And after doing this I told by Team Leader about it and he ordered me to immediately stop whatever i am doing. Yes, you all are right, I should have done it in test environment, but as of now I do not have any test environment at home or office and now I plan to build one for me at home. I appologies for all my wrong doings.

        I myself started leaning all these because we used to face a lot of attacks from hackers. We have protected our network from numerous security devices like Firewalls, VPN Concentartor, IPS, NAC Device, Proxy, RSA, Router ACLs, Antivirus, Email Security etc. But even then somehow hackers pentrate into our network and do malicious activities and what is more frustrating for me was the fact that a lot of times we didnt understand from where this virus came and what actually it is doing.

        Also I wanted this to be checked by you guys becuase I was confused how all this is happening, initialy I thought it could be a bug in MS XP but later i found out that i am able to corrupt Cisco L3 swtich's ARP as well. So i become more confused. Every PC has a Antiviurs installed, atleast Antivirus should have detected a ARP flooding attack since as per my script every PC was reciving a fake ARP reply packet after every 1 minute.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://866558]
Approved by Marshall
[erix]: swedes in winter have too much time on their hands

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (7)
As of 2018-02-22 15:33 GMT
Find Nodes?
    Voting Booth?
    When it is dark outside I am happiest to see ...

    Results (294 votes). Check out past polls.