Arp Poisoning


ARP Cache Poisoning

What does this mean?


ARP Reply spoofing for the purpose of ARP Cache Poisoning allows any
computer on the local area network to obtain one of the most
dangerous and powerful attack postures in network security: the
so-called "Man In The Middle" (MITM). The man in the middle is able to
monitor, filter, modify and edit any and all traffic moving between the
LAN's unsuspecting and inherently trusting computers. In fact, there is
nothing to prevent it from filling every computer's ARP cache with
entries pointing to it, thus allowing it to effectively become a master
hub for all information moving throughout the network.

Internet "switches" offer no help

As you can see from the diagram above, the use of a standard Internet
switch (as compared with a hub), which prevents passive monitoring
and sniffing of the LAN's traffic by isolating the traffic of each
computer from all others, is of no help in the face of active ARP cache
poisoning since the LAN's traffic is being actively sent to the attacking
computer.

In normal operation the computers on the LAN use the ARP protocol to
acquire and memorize each other's NIC MAC addresses, which they use for
sending network data to each other.

But the ARP protocol provides no protection against misuse. An attacking
computer on the same LAN can simply send spoofed ARP Replies to any other
computers, telling them that its MAC address should receive the traffic
bound for other IP addresses.

This "ARP Cache Poisoning" can be used to redirect traffic throughout the
LAN, allowing any malicious computer to insert itself into the
communications stream between any other computers for the purpose of
monitoring and even altering the data flowing across the LAN.
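
Because a poisoned cache shows up as an IP address suddenly bound to a different MAC, or as one MAC answering for many IPs, a monitoring host can flag it from the ARP replies it sees. The following is an added example, not part of the original page: the function names, the one-IP-per-MAC threshold and the sample addresses are assumptions, and the sample packets are constructed.

```python
import socket
import struct
from collections import defaultdict

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_REPLY = 2

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip) for an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack_from(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), socket.inet_ntoa(spa)

def watch(payloads, max_ips_per_mac=1):
    """Return one alert list per payload; max_ips_per_mac is an assumed threshold."""
    ip_to_mac, mac_to_ips, results = {}, defaultdict(set), []
    for payload in payloads:
        alerts = []
        parsed = parse_arp(payload)
        if parsed is not None and parsed[0] == ARP_REPLY:
            _, mac, ip = parsed
            known = ip_to_mac.get(ip)
            if known is not None and known != mac:  # cached binding is being overwritten
                alerts.append(f"binding change: {ip} moved from {known} to {mac}")
            ip_to_mac[ip] = mac
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > max_ips_per_mac:  # one NIC answering for many hosts
                alerts.append(f"{mac} answers for {len(mac_to_ips[mac])} IPs")
        results.append(alerts)
    return results

def sample_reply(mac, ip):
    """Constructed ARP reply bytes for the offline sample; target fields are unused here."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                       bytes.fromhex(mac.replace(":", "")), socket.inet_aton(ip), bytes(6), bytes(4))

# Constructed capture: two consistent replies, then one MAC answering for both addresses.
SAMPLE = [sample_reply("02:00:00:00:00:01", "192.0.2.1"),
          sample_reply("02:00:00:00:00:0a", "192.0.2.10"),
          sample_reply("02:00:00:00:00:66", "192.0.2.1"),
          sample_reply("02:00:00:00:00:66", "192.0.2.10")]

if __name__ == "__main__":
    for alerts in watch(SAMPLE):
        print(alerts)
```

Routers and multi-homed hosts legitimately answer for several addresses, so the threshold needs tuning per network, and a binding change can also be a benign DHCP reassignment or NIC replacement.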
