I am using following link for arp poisoning our Wireless LAN. http://www.irongeek.com/i.php?page=security/ettercapfilter
But the thing is, it is working only for some sites. Even some some http sites are not modified with this.
What is the reason behind this?
Does the sites any mechanisms to prevent ARP Poisoning?
The answer to your question seems to lie within the link you have referenced.
Computer programs follow specific instructions, and in this case the ettercap filter is set to:
replace("img src=", "img src=\"http://www.irongeek.com/images/jollypwn.png\" ");
replace("IMG SRC=", "img src=\"http://www.irongeek.com/images/jollypwn.png\" ");
The character string "IMG SRC =" is not the same as "IMG src=" or "img title='123' src=". If the website developer has used a set of characters different from your filter in any way, then the filter will not work.
Keep in mind that this filter does not seem to fire off for all images, it's a little hit and miss
This may be so for the logical difference as explained above or a part of a packet congession/load release mechanism that drops some of these packets without filtering.
Can sites mitigate ARP?
No. These sites have either adopted a different style guide for img tags or maybe they simply don't have one. Like irongeek says, ARP mitigation is most effective through static cache, IDPS, or Arpwatch on the local network.
I would suggest reading a more detailed overview of the ARP, IP and frame delivery protocols for a better understanding of the exploitation and mitigation of this attack vector.
