IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [arp-spoofing]

ARP spoofing is an attack technique which sends spoofed Address Resolution Protocol (ARP) messages to Local Area Network (LAN). The idea is to identify attacker's MAC address as the address of another network host and redirect traffic intended for another IP address to the attacker's IP address instead.

ARP spoofing is an attack technique which sends spoofed Address Resolution Protocol (ARP) messages to Local Area Network (LAN). The idea is to identify attacker's MAC address as the address of another network host and redirect traffic intended for another IP address to the attacker's IP address instead.

ARP spoofing, if successful, enables an attacker to intercept LAN data packets, shape traffic, or stop it altogether. This type of attack is often used as an attacker's opening gambit for other attacks, such as denial of service (DoS), man in the middle (MiTM), or session hijacking. This attack can only be staged on local networks that use Address Resolution Protocol (ARP).

209 questions
0
votes
0 answers

sslstrip partially working

I'm currently working on a MITM + sslstrip attack educational talk to create awareness on the importance on checking certificates specially if connected to public WiFi and having strong WiFi passwords to prevent unwanted third parties getting in.…
9uzman7
  • 101
  • 3
0
votes
2 answers

Should ettercap make the targets this slow?

I recently started experimenting with ettercap, however, I quickly noticed that when I try and arp poison targets they can almost never communicate with each other. Is this normal? My computer is a macbook air with 1.4 Ghz cpu (Core 2 Duo). When I…
November
  • 505
  • 1
  • 5
  • 12
0
votes
1 answer

Are ARP attacks possible on OpenVPN and Wireguard connections?

I am curious if it is possible for users connected to a VPN to perform ARP spoofing / poisoning attacks against other users on the same subnet of an OpenVPN or Wireguard server. Does OpenVPN & Wireguard provide inbuilt mitigation's against ARP…
Tyler
  • 417
  • 5
  • 12
0
votes
2 answers

MITM using ARP spoofing with Kali Linux running on VirtualBox with bridged wifi network adapter

At home I have two laptops (running on Windows). With one laptop (attacking laptop) I try to get in the middle of the connection of other laptop (victim laptop). To do this is run Kali Linux in a virtual environment using VirtualBox on the attacking…
Stefan
  • 111
  • 1
  • 7
0
votes
1 answer

arp spoofing and https reading doubts in bettercap tool

using the popular bettercap tool and observing responses I had two doubts that also concerns some theoretical questions: Bettercap allows you to arp spoof entire ranges of ip-s (e.g. an entire /24 subnetwork you're in), but as far as I know do an…
ela
  • 125
  • 5
0
votes
1 answer

How to force users on my LAN to use a specific DNS server with arp poisoning?

I'm attempting to force all hosts on my LAN to use a specific DNS server to filter certain material, however I'm running into problems. I've had problems in the past trying to configure my router's DHCP to assign the desired DNS server to hosts…
Kody_06
  • 1
0
votes
2 answers

Unable to see client to server traffic in MitM attack

I'm attempting an MTIM attack on my home LAN just for fun. I am using arpspoof which comes pre-installed with the Linux distribution I'm using. The problem I'm having is I can see the server to client traffic, but not client to server traffic. These…
Utkarsh Agrawal
  • 493
  • 1
  • 8
  • 15
0
votes
1 answer

Would it be possible for a malicious user to change the LAN IP address of an uncompromised device?

I have a local network and an IPCam (with its own storage) in it. Due to some practical limitations, I cannot use technologies such as AP isolation or VLAN to isolate low-integrity and high-integrity devices. There could be some malicious users in…
user129187
0
votes
1 answer

Man in the Middle how to read incoming traffic for victims on the network

i was just testing something about MITM i know MITM well attack is just like: gateway = 192.168.1.1 victim = 192.168.1.13 attacker = 192.168.1.6 performing mitm and enable linux kernel ip_forwarding and i see outgoing traffic for victim…
mahmoudadel
  • 3
  • 3
0
votes
1 answer

Are there known Windows viruses which are capable of ARP spoofing?

Are there known Windows viruses which are capable of ARP spoofing? If so, how widespread are they?
Vladimir Berlev
  • 263
  • 2
  • 8
0
votes
1 answer

Why arp returns initial state after arpspoof stopped?

I'm wondering why ARP table in my laptop returns to its initial state when arpspoof tool attack is stoppped. Is there any option for the attacker to modify the victims ARP table until the default gateway sends a new ARP response with its legitimate…
elena.bdc
  • 35
  • 7
0
votes
1 answer

ARP Spoofing - Not Receiving Internal Traffic

I am attempting to perform a MITM attack via ARP spoofing to sniff out the traffic from 10.0.0.54 to 10.0.0.55. Here is my setup: echo 1 > /proc/sys/net/ipv4/ip_forward sudo arpspoof -i wlan0 -t 10.0.0.54 10.0.0.1 sudo arpspoof -i wlan0 -t 10.0.0.1…
Gavin Youker
  • 1,270
  • 1
  • 11
  • 23
0
votes
1 answer

MITM attack DNS spoofing problem

I’ve tried to DNS spoof dnsspoof -i eth0 -f spoofhosts.txt (inside spoofhosts.txt there is my (the attacker) local ip and the domain which i want to poison) and I just keep receiving this: dnsspoof: listening on eth0 [udp dst port 53 and not src…
MercyDude
  • 149
  • 5
0
votes
1 answer

How do I protect myself from ARP spoofing as a client?

Network topology: Public AP <-WiFi-> Raspberry Pi (NAT #1) <-Ethernet-> WiFi AP (NAT #2) <-WiFi-> Clients Situation: I'm connecting to a dormitory access point that's shared with a lot of other people. When the going gets tough, I do an ARP-spoof…
Aloha
  • 910
  • 7
  • 14
0
votes
1 answer

Which chain of the iptables receives the sniffed packets

Host C is using wireshark to sniff packets from Host A to Host B. I am able to see those packets from wireshark but I am not able to find them in the PREROUTING chain of iptables. When Host C arpspoofs Host A and B, I can then see the packets in my…
Lew Wei Hao
  • 429
  • 5
  • 13
1 2 3
13
14