ARP was developed to be efficient, which led to a serious lack of security in its design. This makes it relatively easy for someone to mount these attacks, as long as they can access the local network of their target.
ARP poisoning involves sending forged ARP reply packets to a gateway over the local network. Attackers typically use spoofing tools like Arpspoof or Arppoison to make the job easy. They set the IP address of the tool to match the address of their target. The tool then scans the target LAN for the IP and MAC addresses of its hosts.
Once the attacker has the addresses of the hosts, they start sending forged ARP packets over the local network to the hosts. The fraudulent messages tell the recipients that the attacker’s MAC address should be connected to the IP address of the machine they are targeting.
This results in the recipients updating their ARP cache with the attacker’s address. When the recipients communicate with the target in the future, their messages will actually be sent to the attacker instead.
At this point, the attacker is secretly in the middle of the communications and can leverage this position to read the traffic and steal data. The attacker can also alter messages before they get to the target, or even stop the communications completely.
Attackers can use this information to mount further attacks, like denial-of-service or session hijacking:
- Denial-of-service – These attacks can link a number of separate IP addresses to the MAC address of a target. If enough addresses are sending requests to the target, it can become overloaded by traffic, which disrupts its service and makes it unusable.
- Session Hijacking – ARP spoofing can be leveraged to steal session IDs, which hackers use to gain entry into systems and accounts. Once they have access, they can wreak all kinds of havoc on their targets.
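The cache overwrite described above leaves a trace a defender can watch for: an IP address that suddenly maps to a different MAC, or one MAC claiming several IPs. The following is an added example, not part of the original article; `ArpMonitor`, `sample`, and all addresses are constructed for illustration, and treating the first binding seen as the trusted baseline is an assumption.

```python
import struct
from collections import defaultdict
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip) for an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), ".".join(str(b) for b in spa)

class ArpMonitor:
    """Tracks sender IP/MAC claims; the first binding seen per IP is the baseline (assumption)."""
    def __init__(self):
        self.baseline = {}              # ip -> first MAC seen
        self.claims = defaultdict(set)  # mac -> IPs it has claimed

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return []
        _, mac, ip = parsed
        alerts = []
        known = self.baseline.setdefault(ip, mac)
        if known != mac:                # a different MAC now claims a known IP
            alerts.append(f"binding-change {ip} {known} -> {mac}")
        self.claims[mac].add(ip)
        if len(self.claims[mac]) > 1:   # can also be proxy ARP: review, don't auto-block
            alerts.append(f"multi-ip {mac} {sorted(self.claims[mac])}")
        return alerts

def sample(oper, mac, ip, target_ip="10.0.0.5"):
    """Build a constructed ARP payload for the demo (bytes only, nothing is sent)."""
    to_ip = lambda s: bytes(int(p) for p in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(mac.replace(":", "")), to_ip(ip), b"\0" * 6, to_ip(target_ip))

def run_demo():
    """Constructed traffic: gateway and a host announce, then the host's MAC claims the gateway IP."""
    mon = ArpMonitor()
    frames = [sample(2, "aa:aa:aa:aa:aa:01", "10.0.0.1"),
              sample(2, "bb:bb:bb:bb:bb:02", "10.0.0.7"),
              sample(2, "bb:bb:bb:bb:bb:02", "10.0.0.1")]
    return [a for f in frames for a in mon.observe(f)]

if __name__ == "__main__":
    print("\n".join(run_demo()))
```

In practice the payloads would come from a capture on a monitoring port, and the baseline would be seeded from a trusted inventory rather than from first sight.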
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...