ARP poisoning can be hazardous to your network's hardware and health, causing downtime and more. So be careful!
Perform the following security testing steps to use Cain and Abel for ARP poisoning and improve Microsoft network security:
- Load Cain and Abel and click the Sniffer tab at the top to get into the network analyzer mode. It defaults to the Hosts page.
- Click the Start/Stop ARP icon (the yellow and black circle). This starts the ARP poison routing (how Cain and Abel refers to ARP poisoning) process and also enables the built-in sniffer.
- If prompted, select the network adapter in the window that displays and click OK.
- Click the blue + icon to add hosts to perform ARP poisoning on.
- On the MAC Address Scanner window that comes up, ensure the All Hosts in My Subnet option is selected and click OK.
- Click the ARP tab (the one with the yellow and black circle icon) at the bottom to load the ARP page.
- Click in the white space under the uppermost Status column heading (just under the Sniffer tab). This re-enables the blue + icon.
- Click the blue + icon, and the New ARP Poison Routing window comes up showing the hosts discovered in Step 3 above.
- Select your default route (in my case, 10.11.12.1). This will then fill the right-hand column with all the remaining hosts, as shown in Figure 9-20.
- Ctrl+click all the hosts in the right column that you want to poison.
- Click OK, and the ARP poisoning process starts. This process can take anywhere from a few seconds to a few minutes depending on your network hardware and each host's local TCP/IP stack. The results of ARP poisoning on my test network are shown in Figure 9-21.
- You can use Cain and Abel's built-in passwords feature to capture passwords traversing the network to and from various hosts simply by clicking the Passwords tab at the bottom of the screen.
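To confirm from a host that a test like the one above took effect, or to spot an unauthorized one, compare the host's ARP cache before and after. The following is an added example, not code from the book: it parses two snapshots of Windows `arp -a` output and flags the two signs a poisoned cache shows. Apart from the 10.11.12.1 default route used in the text, every address and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Data rows of Windows `arp -a` output: IP address, MAC address, entry type.
ROW = re.compile(
    r"^[ \t]*(\d{1,3}(?:\.\d{1,3}){3})[ \t]+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})[ \t]+(\w+)",
    re.I | re.M,
)

# Constructed samples. Only 10.11.12.1 comes from the text; the rest is made up.
BASELINE = """
Interface: 10.11.12.50 --- 0xb
  Internet Address      Physical Address      Type
  10.11.12.1            00-1a-2b-00-00-01     dynamic
  10.11.12.66           00-1a-2b-00-00-66     dynamic
  10.11.12.255          ff-ff-ff-ff-ff-ff     static
"""
POISONED = BASELINE.replace("00-1a-2b-00-00-01", "00-1a-2b-00-00-66")


def parse_arp_table(text):
    """Return {ip: mac} for dynamic entries; static and broadcast rows are skipped."""
    return {ip: mac.lower() for ip, mac, kind in ROW.findall(text)
            if kind.lower() == "dynamic"}


def find_poisoning(baseline, current, gateway):
    """Compare two {ip: mac} snapshots and return (kind, subject, detail) findings."""
    findings = []
    # Sign 1: the gateway's MAC differs from the trusted baseline.
    old, new = baseline.get(gateway), current.get(gateway)
    if old and new and old != new:
        findings.append(("gateway-mac-changed", gateway, (old, new)))
    # Sign 2: one MAC now answers for several IPs.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac-shared", mac, tuple(sorted(ips))))
    return findings


if __name__ == "__main__":
    for finding in find_poisoning(parse_arp_table(BASELINE),
                                  parse_arp_table(POISONED), "10.11.12.1"):
        print(finding)
```

A shared MAC can also be legitimate (for example, a router answering for several addresses), so treat that finding as a lead to check against the gateway change rather than proof on its own.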
Figure 9-21: ARP poisoning end results in Cain and Abel.

This excerpt is from Chapter 9 - Network Infrastructure in "Hacking for Dummies, 2nd edition," written by Kevin Beaver and published by Wiley Publishing.
