Ensuring information security for your datacenter is a crucial and difficult task. To protect data, organizations follow several security practices which at times cost them millions. Several open source tools provide available today provide economic and reliable way to monitor your network in real time and prevent hacking. The security of a network depends largely on how it is implemented and even if the system or network is properly implemented there remains possibilities of some vulnerabilities residing on them. The security encroachers exploit those vulnerabilities and get access into the system. There are several ways hackers exploit these vulnerabilities. They scan for open ports and services with weak security and eventually make their way to the network. They attack the network by DoS, DDoS and SYN attacks. The reality is, no matter how stringent are your security practices, newer and sophisticated attacks will always keep peeping into it. So what do you do when a relentless hacker surpasses all your security gates and find out a way to make all operations come to a standstill? How to figure out which systems are being attacked and what possible ways can help you stop him. Here we talk about some open source tools which will help you get a real time scenario of what goes on inside a network and how can you misguide a hacker during an active scan.
 |
| ArpAlert results which show IP address on which attack is launched and IP address of the machine from which the attack was launched. |
 |
| This shows that there is a flip flop in the Mac address . It also shows IP address of the targeted machine. |
 |
| The Mac address of the machine being spoofed and the replaced Mac address. |
ArpAlert -Watch who is connecting to your network
One of the best ways to keep an eye on the network for any malicious activity is monitoring it continuously. While many sniffers show you the details of previous logs, there is a need of real time sniffer to know what is happening in the network at a moment. ArpAlert uses ARP address monitoring to help detect unauthorized connections on local network. It listens on the network interface and catches all Mac to IP address conversation. It compares those scanned Mac addresses with the authorized Mac addresses and displays on the screen if any inconsistency is found. It detect IP spoofing within the network and shows which address is being spoofed. It also shows which machine in the network is trying to spoof. We ran an IP Spoof test on one of the machines and simultaneously started ArpAlert on the monitoring machine. ArpAlert found an IP Spoofing within the network at once and the information started coming out on the monitor screen. To launch an ARP Spoof attack, we used a utility called arpspoof. To use arpspoof, go to terminal and type arpspoof -i eth0 target ipaddress. We then started ArpAlert on the monitoring machine and it started showing the results on the monitor.
|
| The Mac address of the machine being spoofed and the replaced Mac address. |
