Student Admitted to ARP Spoofing His School Network through Android Device
A student from Horizon High School in Omaha has admitted to being responsible for redirecting his school's outbound traffic to an Android device, which left the school with intermittent network access for three days. Using ARP (Address Resolution Protocol) spoofing, the unnamed student diverted the school's network traffic to the smartphone.
For anyone who doesn’t know what ARP spoofing is: it lets an attacker silently reroute packets travelling between two machines to a third machine by forging an IP-to-MAC address mapping. If the attacker associates their own device’s MAC address with the IP address of the local area network gateway, they gain access to all of the outbound network traffic.
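A defensive illustration of the gateway case described above, added here and not part of the original article: it parses raw Ethernet ARP frames and reports any frame in which a MAC address other than the known gateway's claims the gateway IP. All addresses and frames are constructed sample values, and the function names are hypothetical.

```python
import struct

ARP_ETHERTYPE = 0x0806

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet hardware / IPv4 protocol addresses
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return op, sender_mac, sender_ip

def find_gateway_conflicts(frames, gateway_ip, gateway_mac):
    """List (frame_index, claiming_mac) where another MAC announces the gateway IP."""
    alerts = []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _op, sender_mac, sender_ip = parsed
        if sender_ip == gateway_ip and sender_mac != gateway_mac.lower():
            alerts.append((index, sender_mac))
    return alerts

def _sample(op, smac, sip, dmac, dip, ethertype=ARP_ETHERTYPE):
    """Build a constructed test frame (sample data only, never sent anywhere)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(p) for p in a.split("."))
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(smac) + ip(sip) + mac(dmac) + ip(dip)
    return mac(dmac) + mac(smac) + struct.pack("!H", ethertype) + body

# Constructed values: the pinned gateway binding would come from the network's own records.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "02:00:00:00:00:01"
HOST_IP, HOST_MAC = "192.168.1.50", "02:00:00:00:00:50"
OTHER_MAC = "02:00:00:00:00:99"

SAMPLE_FRAMES = [
    _sample(2, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),          # genuine gateway reply
    _sample(1, HOST_MAC, HOST_IP, "ff:ff:ff:ff:ff:ff", GATEWAY_IP),  # host asks for gateway
    _sample(2, OTHER_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),            # different MAC claims gateway IP
    _sample(2, HOST_MAC, HOST_IP, GATEWAY_MAC, GATEWAY_IP, 0x0800),  # non-ARP ethertype, ignored
]

if __name__ == "__main__":
    for index, claimed in find_gateway_conflicts(SAMPLE_FRAMES, GATEWAY_IP, GATEWAY_MAC):
        print(f"frame {index}: {GATEWAY_IP} claimed by {claimed}, expected {GATEWAY_MAC}")
```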
A school staff member said that the student used an app called Arpspoof and even demonstrated how it worked. Before the student found out what he was doing, they deleted it and password-protected his smartphone.
This may have something to do with the free open source network of Google’s Android Market. In addition, the student followed a tutorial containing the note: ‘ARPspoofing between a machine and the LANs gateway you can see all the traffic it’s sending out to the internet.’
The school’s IT staff discovered that ‘all of the outgoing internet traffic was redirected to the student’s Android cellphone instead of the intended recipients,’ according to the search warrant obtained by MSNBC.
On Android Market, the product description of the ARPspoof app says that it is “an open source tool for network auditing. It redirects packets on the local network by broadcasting spoofed ARP messages. Arpspoof displays the packets that the victims are sending to the device, but it doesn’t save them. If you’re wanting to analyse the packets then you should save them by running tcpdump”.
The search warrant that the Douglas County police issued states that, between January 9 and 11, the school staff were ‘unable to actively use their computers.’ A warrant has been issued that gives the sheriff authority to forensically examine the device.