3. (20 points) Link Layer: ARP & Protocol Perils Consider the following LAN, composed of 2 machines, a gateway router an
Posted: Mon Jun 06, 2022 4:44 pm
Question 1 (10 points): Eve wants to eavesdrop on all the IP packets exchanged between Alice and the gateway in a way that would be stealthy (Alice should not realize that something is wrong). Propose an ARP-based attack that would allow Eve to achieve this. List the ARP packets used; for every ARP packet, give the type (request/reply) and source/destination IP/MAC addresses. Describe what Eve should do with the IP packets received from Alice and from the gateway.

Question 2 (10 points): Propose a modification to the way the ARP module updates the ARP table that would prevent and/or detect such ARP attacks. Note: the format of ARP packets has to remain unchanged.
3. (20 points) Link Layer: ARP & Protocol Perils

Consider the following LAN, composed of 2 machines, a gateway router and a switch.

[Figure: network diagram with the gateway router, Alice, Eve and the switch]
• gateway router: 192.168.42.1, 11-11-11-11-11-11
• Alice: 192.168.42.10, AA-AA-AA-AA-AA-AA
• Eve: 192.168.42.13, EE-EE-EE-EE-EE-EE

The router and both machines rely on ARP to dynamically obtain the mapping between IP and MAC addresses. The switch, upon receiving a frame with destination MAC address X:
• forwards the frame to all the NICs if X is a broadcast address,
• forwards the frame only to the NIC with address X if X is a unicast address,
• drops the frame if address X is unknown.

Eve wants to meddle with Alice's Internet connection. As she only controls her own machine, she resorts to so-called ARP poisoning attacks.
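One possible table-update rule of the kind Question 2 asks for, as an added example (not part of the original post and not an official solution). The `ArpTable` class and its method names are hypothetical; the ARP packet format is untouched, and only the decision to install a binding changes. The event sequence is constructed from the addresses in the exercise.

```python
from dataclasses import dataclass, field

@dataclass
class ArpTable:
    """Hypothetical ARP cache with a stricter update rule (not a real stack)."""
    entries: dict = field(default_factory=dict)  # IP -> MAC bindings accepted so far
    pending: set = field(default_factory=set)    # IPs with an outstanding request
    alerts: list = field(default_factory=list)   # (reason, ip, claimed_mac)

    def send_request(self, ip):
        self.pending.add(ip)

    def on_reply(self, sender_ip, sender_mac):
        """Return True if the binding was installed, False if it was rejected."""
        # Rule 1: a reply nobody asked for never touches the table.
        if sender_ip not in self.pending:
            return self._reject("unsolicited", sender_ip, sender_mac)
        self.pending.discard(sender_ip)
        # Rule 2: an existing binding is never silently overwritten.
        known = self.entries.get(sender_ip)
        if known is not None and known != sender_mac:
            return self._reject("conflict", sender_ip, sender_mac)
        # Rule 3 (heuristic; proxy ARP triggers it legitimately): one MAC, two IPs.
        if any(m == sender_mac and ip != sender_ip for ip, m in self.entries.items()):
            return self._reject("duplicate-mac", sender_ip, sender_mac)
        self.entries[sender_ip] = sender_mac
        return True

    def _reject(self, reason, ip, mac):
        self.alerts.append((reason, ip, mac))
        return False

def replay():
    """Constructed event sequence using the addresses from the exercise."""
    t = ArpTable()
    results = []
    t.send_request("192.168.42.1")
    results.append(t.on_reply("192.168.42.1", "11-11-11-11-11-11"))   # solicited
    results.append(t.on_reply("192.168.42.1", "EE-EE-EE-EE-EE-EE"))   # unsolicited
    t.send_request("192.168.42.1")                                     # cache refresh
    results.append(t.on_reply("192.168.42.1", "EE-EE-EE-EE-EE-EE"))   # conflicting
    t.send_request("192.168.42.13")
    results.append(t.on_reply("192.168.42.13", "EE-EE-EE-EE-EE-EE"))  # Eve's own binding
    return t, results
```

Rule 2 also rejects a legitimate MAC change (for example a replaced NIC), so a deployment of this rule needs a way for an administrator to clear or confirm the alerted binding.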