As stated in the title.

In my lab I am trying to arpspoof a so-called "victim PC" that is using Windows 7.

I do ARP spoofing with arpspoof, but once I run arp -a on the victim, I see that the gateway entry has not changed. Maybe that is because the entry associated with the gateway is set to static.

In a situation like this, is there no way to arpspoof the victim?

ibrahim87

3 Answers

No. It is still possible, at least in these ways:

  • if the MAC of the gateway is also spoofed and the attacker finds a way to somehow destroy the original communication channel to the gateway
  • if the attacker finds a way to corrupt the gateway (e.g. by somehow stealing the admin password of a cheap, embedded router)
  • if the attacker sits behind your gateway (e.g. by doing a little rewiring)

But the most trivial MITM solution (localnet gw spoof from a cracked client machine) is made really impossible.

peterh

Even though it does make ARP spoofing a lot more difficult, it does not prevent other MITM attacks (not exhaustive):

  • Port stealing
  • DHCP race
  • DNS spoofing

Other lesser-known techniques exist (STP mangling, for example). ARP poisoning is the most widely known and used just because it is so simple to carry out. In case you encounter a switch with static ARP entries, it may well pay off to try the other techniques. Please also refer to the following presentation for a complete list of MITM attacks: https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf

Michael

With a static ARP cache, I can still spoof/sniff your communication to the router, so there is really no solution unless it is implemented in the router too. And Win 7 already does not accept spoofed requests to spoof the gateway (as my tests showed), but as I said, this does not protect you from other spoofing methods.

Badr Elmers
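
Added example, not part of any answer above: the last answer says a static entry only helps if it is also set on the router, and that can be audited by reading both neighbour tables. The sketch parses constructed arp -a output from the Windows host and constructed ip neigh show output from a gateway assumed to be Linux-based; all addresses and the function names are made up for illustration.

```python
import re

# Constructed sample: `arp -a` on the Windows 7 host (English locale, made-up values).
WINDOWS_ARP = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     static
  192.168.1.20          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# Constructed sample: `ip neigh show` on the gateway (assumed to be Linux-based).
GATEWAY_NEIGH = """\
192.168.1.10 dev br0 lladdr 0a:1b:2c:3d:4e:5f REACHABLE
192.168.1.20 dev br0 lladdr 66:77:88:99:aa:bb STALE
"""

WIN_ROW = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(static|dynamic)\s*$", re.I)
NEIGH_ROW = re.compile(
    r"^(\d+(?:\.\d+){3}) .*\blladdr ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*(.*)$", re.I)

def parse_windows_arp(text):
    """Return {ip: (mac, is_static)} from Windows `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = WIN_ROW.match(line)
        if m:
            mac = m.group(2).lower().replace("-", ":")
            table[m.group(1)] = (mac, m.group(3).lower() == "static")
    return table

def parse_ip_neigh(text):
    """Return {ip: (mac, is_static)}; iproute2 shows static entries as PERMANENT."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_ROW.match(line)
        if m:
            table[m.group(1)] = (m.group(2).lower(), "PERMANENT" in m.group(3).split())
    return table

def unpinned_directions(host_ip, gw_ip, host_table, gw_table):
    """List the directions of the host<->gateway path that ARP replies can still rewrite."""
    out = []
    if not host_table.get(gw_ip, (None, False))[1]:
        out.append("host->gateway")   # host learns the gateway MAC dynamically
    if not gw_table.get(host_ip, (None, False))[1]:
        out.append("gateway->host")   # gateway learns the host MAC dynamically
    return out
```

With the sample data the host side is pinned but the gateway side is not, so the audit reports the return path as still dependent on dynamic ARP.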