On a normal data exchange of the address resolution protocol (ARP), which steps of the exchange are affected by the ARP Poisoning attack?
If anybody would be able to answer this or show me a link that can help, it'll be very much appreciated!
Asked
Active
Viewed 884 times
1 Answers
0
In a normal exchange the machine looking for a MAC address will ask the network with a "Who Has 192.168.1.5" request and the machine that has that ip address will reply with it's MAC address "192.168.1.5 is at AA:AA:AA:AA:AA:AA" both machines will store the MAC address in their ARP cache for use later
In an ARP poisoning attack the attacker is sending "192.168.1.5 is at BB:BB:BB:BB:BB:BB" to the router and "192.168.1.1 is at BB:BB:BB:BB:BB:BB" to the victim. These are sent without a "Who Has" request and the victims will store them in their ARP cache for use later.
Here's a link to how arp spoofing works http://www.irongeek.com/i.php?page=security/arpspoof
Four_0h_Three
- 1,225
- 2
- 8
- 13