Anatomy of an ARP Poisoning Attack

While reading the article, I really liked this statement: Hackers lie. Skillful hackers lie well. And well-rounded hackers can lie both to people and to machines. And the most commonly used way to do it is ARP Cache Poisoning.
ARP, as a very simple protocol, consists of merely 4 basic messages, shown below.
1. An ARP Request. Computer A asks the network, “Who has this IP address?”

2. An ARP Reply. Computer B tells Computer A, “I have that IP. My MAC address is [whatever it is].”

3. A Reverse ARP Request (RARP). Same concept as ARP Request, but Computer A asks, “Who has this MAC address?”

4. A RARP Reply. Computer B tells Computer A, “I have that MAC. My IP address is [whatever it is].”

This simplicity gives an attacker the ability to associate any IP address with any MAC address, which leads to many attack vectors, such as denial of service, man in the middle and MAC flooding. You can read about these types of attacks in the reference I used, which is here

Ways to avoid ARP poisoning:
1. For a small network it's useful to make your IP static and create a login script that loads the parameters automatically at startup.
2. For a large network it's smart to secure your ports.
3. For every network the best way to protect it is to monitor it, using software such as ArpWatch.
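
The monitoring idea from the last point, as an added example (not from the original post and not ArpWatch's own code): it parses raw ARP frames and reports when an IP address is claimed by a different MAC address than the one first seen. The frames, IP addresses and MAC addresses are constructed sample data, and the names `ArpMonitor`, `parse_arp` and `build_arp` are hypothetical.

```python
import struct

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, _mac(frame[22:28]), ".".join(map(str, frame[28:32]))

class ArpMonitor:
    """Tracks IP -> MAC bindings seen in ARP traffic and reports changes."""
    def __init__(self):
        self.bindings = {}

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        _, mac, ip = parsed
        first_seen = self.bindings.setdefault(ip, mac)
        if first_seen != mac:
            # Keep the first binding so a repeated conflicting claim keeps alerting.
            return f"CHANGED {ip}: {first_seen} -> {mac}"
        return None

def build_arp(op, smac, sip, tmac, tip):
    """Build a constructed ARP frame (sample data only, nothing is sent)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    a = lambda s: bytes(int(x) for x in s.split("."))
    dst = b"\xff" * 6 if op == 1 else m(tmac)
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return dst + m(smac) + b"\x08\x06" + header + m(smac) + a(sip) + m(tmac) + a(tip)

# Constructed sample traffic: one request, the real reply, then a conflicting reply.
SAMPLE = [
    build_arp(1, "02:00:00:00:00:0a", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
    build_arp(2, "02:00:00:00:00:66", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
]

def run_sample():
    monitor = ArpMonitor()
    return [alert for alert in map(monitor.observe, SAMPLE) if alert]

if __name__ == "__main__":
    print("\n".join(run_sample()))
```

A changed binding is not always an attack (a replaced network card or a reassigned address produces the same alert), so each alert needs to be checked against what is known about the network.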

This entry was posted in IT Security, Week 20.