
I'm finding it hard to understand how it is possible to perform a man-in-the-middle attack on a whole network.

It is easy for the attacker to tell every victim in the subnet that his MAC address is the gateway's MAC, so he can intercept all requests sent by the victims. But how can the attacker do the reverse: tell the gateway that he is all the victims simultaneously, to get back their responses?

I know that it is possible since I've used some tools that implement that, but I can't figure out the internal details. Can someone enlighten me, please?

Thanks in advance.

1 Answer

If, due to ARP spoofing of the gateway, the clients send all traffic to the man in the middle, the MITM then forwards this traffic to the original gateway with its own MAC and IP as sender. This means that the responses to the traffic are sent from the gateway to the MAC and IP of the MITM, which then rewrites the response and forwards it to the original client. Thus there is no need to spoof the original clients' MAC at the gateway.

Steffen Ullrich
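The question's own first idea, poisoning the gateway's ARP cache for every victim as well as each victim's cache for the gateway, is what most ARP-spoofing tools actually do, and the reason it works is simply that an ARP cache is a map from IP to MAC: nothing stops many IPs from mapping to the same MAC. The model below is an added example, not code from the original question or answer. It simulates a tiny LAN (hosts, IPs, MACs and the off-LAN destination 203.0.113.5 are all invented for the simulation) in which the attacker poisons both directions and then relays frames unchanged at the IP layer; a real tool would emit actual ARP replies with a raw socket, whereas here `arp_poison` just writes the victim's cache the way such a reply would.

```python
"""Model of bidirectional ARP cache poisoning on a small LAN (added example)."""
from dataclasses import dataclass, field

GATEWAY_IP = "10.0.0.1"      # constructed addresses for the simulation
LAN_PREFIX = "10.0.0."
OFF_LAN_IP = "203.0.113.5"   # TEST-NET-3, stands in for an Internet host


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    payload: str


@dataclass
class Host:
    name: str
    ip: str
    mac: str
    arp: dict = field(default_factory=dict)    # ARP cache: IP -> MAC
    inbox: list = field(default_factory=list)  # payloads handed to the IP layer


class Lan:
    """A switched segment: a frame reaches whichever host owns its dst MAC."""

    def __init__(self, gateway, attacker):
        self.gateway, self.attacker = gateway, attacker
        self.hosts = {}   # MAC -> Host
        self.real = {}    # the true IP -> MAC mapping, i.e. what honest ARP returns
        self.wire = []    # every frame seen on the wire, in order
        for h in (gateway, attacker):
            self.add(h)

    def add(self, host):
        self.hosts[host.mac] = host
        self.real[host.ip] = host.mac

    def arp_resolve(self, host, ip):
        """Honest ARP request/reply: fills the host's cache from the true mapping."""
        host.arp[ip] = self.real[ip]

    def next_hop(self, dst_ip):
        return dst_ip if dst_ip.startswith(LAN_PREFIX) else GATEWAY_IP

    def send(self, sender, dst_ip, payload):
        hop = self.next_hop(dst_ip)
        if hop not in sender.arp:
            self.arp_resolve(sender, hop)
        # The sender trusts its cache blindly; a poisoned entry sends the frame astray.
        self.put(Frame(sender.mac, sender.arp[hop], sender.ip, dst_ip, payload))

    def put(self, f):
        self.wire.append(f)
        rx = self.hosts[f.dst_mac]
        if rx is self.attacker:
            # Relay transparently: IPs untouched, only the MACs change. The attacker
            # resolved the true MACs before poisoning, so it can reach the real owner.
            hop = self.next_hop(f.dst_ip)
            self.put(Frame(rx.mac, self.real[hop], f.src_ip, f.dst_ip, f.payload))
        elif rx is self.gateway and not f.dst_ip.startswith(LAN_PREFIX):
            # Gateway forwards upstream; the reply comes back for the client's IP and
            # the gateway picks the next-hop MAC from *its own* (poisoned) ARP cache.
            self.send(self.gateway, f.src_ip, "reply:" + f.payload)
        else:
            rx.inbox.append(f.payload)


def arp_poison(lan, victim, claimed_ip):
    """Unsolicited 'claimed_ip is-at <attacker MAC>'; the victim overwrites its entry."""
    lan.arp_resolve(lan.attacker, claimed_ip)   # keep the true MAC for relaying
    victim.arp[claimed_ip] = lan.attacker.mac


def run(poisoned):
    """Two clients each fetch something off-LAN; returns what each party observed."""
    gateway = Host("gw", GATEWAY_IP, "aa:00:00:00:00:01")
    attacker = Host("mallory", "10.0.0.66", "aa:00:00:00:00:66")
    lan = Lan(gateway, attacker)
    clients = [Host("alice", "10.0.0.10", "aa:00:00:00:00:10"),
               Host("bob", "10.0.0.11", "aa:00:00:00:00:11")]
    for c in clients:
        lan.add(c)
    if poisoned:
        for c in clients:
            arp_poison(lan, c, GATEWAY_IP)   # client: "the gateway is at mallory's MAC"
            arp_poison(lan, gateway, c.ip)   # gateway: "alice / bob are at mallory's MAC"
    for c in clients:
        lan.send(c, OFF_LAN_IP, f"GET / from {c.name}")
    return {
        "gateway_arp": dict(gateway.arp),
        "inboxes": {c.name: list(c.inbox) for c in clients},
        "frames": len(lan.wire),
        "via_attacker": sum(1 for f in lan.wire if f.dst_mac == attacker.mac),
    }


if __name__ == "__main__":
    print(run(poisoned=True))
    print(run(poisoned=False))
```

With poisoning on, every client request and every reply crosses the attacker's NIC (four wire frames per request instead of two) while both clients still receive their replies, and the gateway's cache ends up mapping both client IPs to the same MAC, which the gateway has no reason to question. The answer's variant above differs only in where the rewrite happens: it leaves the gateway's cache alone and instead changes the source IP and port of relayed packets to the attacker's own, keeping a translation table so replies can be mapped back to the right client.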