Can ARP cache poisoning be done from WAN side of home router?

1

Is it possible to initiate an ARP cache poisoning attack by spoofing ARP requests from the WAN side of the router, instead of attacking from the LAN side?

OT10

Posted 2016-03-08T09:44:56.230

Reputation: 47

Answers

2

ARP relies on IPv4 broadcasts to work. Routers do not normally forward broadcast traffic between subnets. So unless your router is unusually configured, it's not possible to perform ARP cache poisoning from the WAN against a machine on your LAN.

LawrenceC

Posted 2016-03-08T09:44:56.230

Reputation: 63 487

0

ARP is a protocol which is used inside a network (layer 2) to convert IP addresses to MAC addresses. Routers are responsible for forwarding traffic between networks at layer 3. Therefore, devices outside the network are unaware of any MAC addresses inside the network, as all traffic towards that network is handled by the router servicing that network.

So, according to theory, what you ask is impossible; however, there might be vulnerabilities in the router's software which would make it possible somehow.

mtak

Posted 2016-03-08T09:44:56.230

Reputation: 11 805

The reason for asking: there had been continuous activity incoming on the WAN port (just like someone is doing a port scan), with no program running and no downloads. However, on closer inspection I found the firewall was blocking ARP requests which had an internal LAN address as source. So to mitigate that, I added static ARP entries in the ARP table, at least for my work computer and the gateway/router. Soon after that, the unexplained activity on the WAN port ceased. Is it possible to spoof ARP requests to make them look like they come from an internal LAN address instead of from actually outside your LAN? – OT10 – 2016-03-08T13:55:32.233

ARP requests are very spoofable since they aren't secured in any way. – LawrenceC – 2016-04-29T20:01:18.023
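The firewall observation and the static-ARP mitigation discussed in this thread can be written as a check over captured frames; the following is an added example, not code from any poster here. The LAN subnet `192.168.1.0/24`, the pinned MAC addresses and the two sample frames are constructed assumptions.

```python
import ipaddress
import struct

# Assumed home-network values (hypothetical, not taken from the thread).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
STATIC_ARP = {"192.168.1.1": "aa:bb:cc:00:00:01", "192.168.1.10": "aa:bb:cc:00:00:10"}

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame: bytes):
    """Return ARP fields from an Ethernet II frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"op": op, "eth_src": mac(frame[6:12]), "sha": mac(sha),
            "spa": str(ipaddress.IPv4Address(spa)), "tpa": str(ipaddress.IPv4Address(tpa))}

def check_arp(frame: bytes, iface: str) -> list:
    """Return findings for one frame captured on interface 'wan' or 'lan'."""
    arp = parse_arp(frame)
    if arp is None:
        return []
    findings = []
    if arp["eth_src"] != arp["sha"]:
        findings.append("Ethernet source differs from ARP sender MAC")
    # The case from the comment: an internal source address arriving on the WAN port.
    if iface == "wan" and ipaddress.ip_address(arp["spa"]) in LAN_NET:
        findings.append("LAN sender IP seen on WAN interface")
    # Static entries pin IP-to-MAC bindings; a conflicting claim is worth an alert.
    pinned = STATIC_ARP.get(arp["spa"])
    if pinned and pinned != arp["sha"]:
        findings.append(f"{arp['spa']} claims {arp['sha']}, static entry is {pinned}")
    return findings

# Constructed sample frames (42 bytes each): a normal LAN request from the workstation,
# and a request on the WAN port whose sender IP is the gateway's LAN address.
GOOD = bytes.fromhex("ffffffffffff aabbcc000010 0806 0001 0800 06 04 0001 "
                     "aabbcc000010 c0a8010a 000000000000 c0a80101")
BAD = bytes.fromhex("ffffffffffff deadbeef0001 0806 0001 0800 06 04 0001 "
                    "deadbeef0001 c0a80101 000000000000 c0a8010a")

if __name__ == "__main__":
    for name, frame, iface in (("GOOD", GOOD, "lan"), ("BAD", BAD, "wan")):
        print(name, iface, check_arp(frame, iface))
```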