ARP spoofing
From Wikipedia, the free encyclopedia
ARP spoofing, also known as ARP poisoning, is a technique used to attack an Ethernet network which may allow an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether (known as a denial of service attack).
The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, which confuse network devices such as network switches. As a result, frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or to an unreachable host (a denial of service attack). ARP spoofing can also be used in a man-in-the-middle attack, in which all traffic is forwarded through a host by means of ARP spoofing and analyzed for passwords and other information.
Using static ARP records can be an effective method of defence against ARP spoofing attacks. There are also certain tools available that watch the local ARP cache and report to the administrator if anything unusual happens.
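The following sketch of such a cache watcher is an added example, not code from any of the tools mentioned on this page. It assumes the cache is read as Linux `ip neigh show` text; the function names, the `PINNED` table of known-good bindings and the sample snapshots are constructed for illustration.

```python
import re

# Matches one line of Linux `ip neigh show` output, e.g.
# "192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE"
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group(1)] = m.group(3).lower()
    return table

def check_snapshot(previous, current, pinned=None):
    """Compare two {ip: mac} snapshots and return a list of alert strings."""
    alerts = []
    pinned = pinned or {}
    for ip, mac in sorted(current.items()):
        # 1. A known-good binding (the static-record idea) is violated.
        if ip in pinned and mac != pinned[ip].lower():
            alerts.append(f"PINNED_MISMATCH {ip} expected {pinned[ip].lower()} got {mac}")
        # 2. The MAC recorded for an IP changed since the last snapshot.
        elif ip in previous and previous[ip] != mac:
            alerts.append(f"MAC_CHANGED {ip} {previous[ip]} -> {mac}")
    # 3. One MAC answers for several IPs, as when a host sits in the middle.
    by_mac = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(f"DUPLICATE_MAC {mac} claims {','.join(sorted(ips))}")
    return alerts

# Constructed sample data (documentation address range, documentation MACs).
BEFORE = """192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.20 dev eth0 lladdr 00:00:5e:00:53:20 STALE
192.0.2.30 dev eth0  FAILED"""
AFTER = """192.0.2.1 dev eth0 lladdr 00:00:5E:00:53:66 REACHABLE
192.0.2.20 dev eth0 lladdr 00:00:5e:00:53:20 STALE
192.0.2.66 dev eth0 lladdr 00:00:5e:00:53:66 REACHABLE"""
PINNED = {"192.0.2.20": "00:00:5e:00:53:20"}  # assumed known-good binding

if __name__ == "__main__":
    for alert in check_snapshot(parse_neigh(BEFORE), parse_neigh(AFTER), PINNED):
        print(alert)
```

A changed or shared MAC is not proof of an attack: failover pairs, proxy ARP and replaced network cards produce the same signals, so alerts of this kind need review against known network changes.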
Legitimate usage
ARP spoofing can also be used for legitimate reasons. For instance, network registration tools may redirect unregistered hosts to a signup page before allowing them full access to the network.
Another legitimate implementation of ARP spoofing is used in hotels to allow traveling laptop users to access the Internet from their room, using a device known as a head end processor (HEP), regardless of their IP address.
External links
- ARPDefender - hardware solution that detects and alerts for ARP Spoofing attacks
- NetCut - Admin Network with ARP protocol
- Introduction to APR (Arp Poison Routing) by MAO
- GRC's Arp Poisoning Explanation
- Sniffing in a Switched Network
- XArp - Spoofing detection software