IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [arp-spoofing]

ARP spoofing is an attack technique which sends spoofed Address Resolution Protocol (ARP) messages to Local Area Network (LAN). The idea is to identify attacker's MAC address as the address of another network host and redirect traffic intended for another IP address to the attacker's IP address instead.

ARP spoofing is an attack technique which sends spoofed Address Resolution Protocol (ARP) messages to Local Area Network (LAN). The idea is to identify attacker's MAC address as the address of another network host and redirect traffic intended for another IP address to the attacker's IP address instead.

ARP spoofing, if successful, enables an attacker to intercept LAN data packets, shape traffic, or stop it altogether. This type of attack is often used as an attacker's opening gambit for other attacks, such as denial of service (DoS), man in the middle (MiTM), or session hijacking. This attack can only be staged on local networks that use Address Resolution Protocol (ARP).

209 questions
1
vote
0 answers

Neutralizing or Migitating ARP spoofing once detected

I've seen a few methods to detect ARP Spoofing attacks through code(such as this), and ways to defend against these attacks through software and switches (like arp spoofing protection on LAN). How would I prevent arp spoofing with my own…
Dylan Katz
  • 243
  • 1
  • 3
  • 9
1
vote
1 answer

Why is ettercap targetting the whole network?

I recently tried to do a MiTM attack on my network using ettercap. I have a router, two windows 7 machines : Host A and Host B, and Backtrack on a VM. In the ettercap window I added the router as TARGET 1, Host A as TARGET 2 then started Arp…
user41696
1
vote
1 answer

Why ARP Poising is not working for some sites?

I am using following link for arp poisoning our Wireless LAN. http://www.irongeek.com/i.php?page=security/ettercapfilter But the thing is, it is working only for some sites. Even some some http sites are not modified with this. What is the reason…
Kiran
  • 111
  • 2
1
vote
2 answers

Can non-https assets be tampered with?

Why load assets such as images, javascript, css etc, over HTTPS? Is it possible for these assets to be tampered with if I use HTTP? The only way I could conceive of tampering with HTTP loaded assets is to ARP poison the network and then inject…
OneChillDude
  • 411
  • 2
  • 10
1
vote
2 answers

arp request to a ghost host

All the clients in my wireless network send continuously arp requests to a host that doesn't exist (I've checked its absence with nmap -PN [IP]). The clients use windows 7 and windows xp (here the requests are sent with less frequency).What does it…
Bau Miao
  • 111
  • 2
1
vote
1 answer

MiTM not working --rejected by router?

I have been attempting to run a MiTM on a very old XP SP3 computer. I have attempted it with 3 products, as listed below: Wireshark: Traffic from the computer did not even show up. (I did see traffic from multiple IP's, so I think I have the right…
KnightOfNi
  • 2,247
  • 3
  • 18
  • 23
1
vote
0 answers

Needing help intercepting local SSL traffic on a difficult Android app

I'm trying to intercept traffic from an Andriod app. I've forwarded ports 80, 443, 6699 and 6698 on Kali to a listener port and set up arp-spoofing. I'm using BurpSuite on the same computer to listen and intercept (invisible proxy). Certificates…
Doby
  • 11
  • 2
1
vote
0 answers

How to interpret received packets, although not being destination host

Set up: Victim: 192.168.0.2 Attacker (also having SSH server installed): 192.168.0.3 SSH server: 192.168.0.4 I perform a successful ARP Spoofing attack (being obviously the attacker's MAC address): But when I try to connect via ssh…
LearningSquad
  • 11
  • 2
1
vote
2 answers

Need help understand ARP spoofing attack?

I am currently reading the network exploitation section of the book Hacking: The art of exploitation. The book covers ARP spoofing attack in brief, but doesn't go over much detail. Before starting I would like to tell what kind of system/peripherals…
krla
  • 13
  • 2
1
vote
0 answers

How docker is translating docker0 interface ip address to host ip address

I'm trying to create a lab environment to experiment with MiTM attacks. I want to learn docker also so I've decided to do this with docker. I created 2 images (attacker, victim): Victim - based on Alpine, with curl installed Attacker - based on…
Kankarollo
  • 11
  • 2
1
vote
1 answer

MITM attack using ICMP packet injection

I came across an infosec presentation from a conference which discussed how ICMP packets can be used to compromise a connection between two machines. More specifically, they described the process as: The attacker can forge a spoofed ICMP packets to…
Irene Ant
  • 659
  • 7
  • 19
1
vote
0 answers

How do I prevent against man-in-the-middle, specifically the packet injection attack?

I suspect that I am being targeted in a man-in-the-middle attack from the ISP or in-between of the fiber cable transit or the node by sniffer hardware that detects and injects the malicious packets. I am using a VPN service and it's encrypted…
CATALUNA84
  • 111
  • 3
1
vote
2 answers

Security: Multiple VPN users

Let's assume there is a service provider that hosts some services behind a firewall. Two different companies connect to the network of the service provider via VPN. (To use the services that aren't accessible via internet) Each company has its own…
firendlyQuestion
  • 31
  • 2
1
vote
2 answers

What solution against ARP attacks in a University network?

I´m trying to protect my LAN (University campus) against ARP attacks using netcut. I have 100 APs connected to my CISCO 2680. I used 8 VLANs and all of VLAN ports are connected to one gateway provided from a loadbalancer. Even with this, I can…
user220636
  • 11
  • 1
1
vote
0 answers

How to intercept data my TV communicator sends and receives?

I wish to check how and what is being sent when I interact with my TV via the remote that talks to the communicator box (not smart tv). I am curious what protocols are used, and how often does the communicator phones home. Does it send encrypted…
miyagisan
  • 141
  • 4
1 2 3
13 14