Javascript Spoof!

by Andrew N

http://www.google.com/imgres?um=1&hl=en&safe=off&biw=835&bih=699&tbm=isch&tbnid=V8ANDyOWcUMJGM:&imgrefurl=http://cyberwarfaremag.wordpress.com/2009/07/14/a-small-and-quick-introduction-to-arp-poisoning/&docid=D3M6GJwk23VzOM&imgurl=http://cyberwarfaremag.files.wordpress.com/2009/07/arp-poisoining-schema.jpg&w=391&h=528&ei=ERauTrPoJcObiALcjO2CCw&zoom=1&iact=hc&vpx=568&vpy=300&dur=1098&hovh=261&hovw=193&tx=127&ty=176&sig=105351635538796739217&page=1&tbnh=171&tbnw=127&start=0&ndsp=9&ved=1t:429,r:5,s:0

Javascript Spoof!

This journal entry I read about is on Address Resolution Protocol (ARP) Poisoning and they discuss that one of the ways that poisoning is done is through the insertion of malicious Javascript code in realtime throughout a Local Area Network. ARP Poisoning is when attackers identify themselves as owners of certain IP addresses that are requested from a MAC address. The attacker poses themselves as that address basically redirects traffic within the LAN to their advantage. “Attackers typically embed a single line containing an iframe tag pointing to a different (compromised) server. This causes all clients visiting this Web page to retrieve (and execute) content from that other server, which typically serves client-side exploits against browsers such as Internet Explorer or Mozilla.” (Ahmad & Sachs, 2009) The attacker doesn’t necessarily deface the website but instead tries to get to as many clients as they can through the network. Researchers have said that these have been happening randomly but there are Chinese hacking groups who have a set of tools they use and can insert code in real-time.

I recently heard about ARP Poisoning very vaguely and that was what grabbed my interest in reading this article and of course how JavaScript is used to trick users via a browser. From my knowledge this is one of many ways of hackers to be able to manipulate users in an indirect way. Instead of attacking them and letting them know so, the revert the attack on the user so that they bring it upon themselves by click on the wrong things.

I would like to see this is action someday and of course it would be for educational purposes. Learning how to defend yourself from such event is another question. The journal entry did explain ways such as check for vendor specific address and make sure they are matching, but of course MAC addresses can be changed so that can’t be the only thing to rely on. They say checking for network traffic through other programs for gratuitous amount of addresses would be another way.

Ahmad, D., & Sachs, M. (2009, May-June). Malicious JavaScript insertion through ar p poisoning attacks. Retrieved from http://0-ieeexplore.ieee.org.opac.library.csupomona.edu/stamp/stamp.jsp?tp=&arnumber=5054915