The Secret Security Wiki

Categories

Home > Wikis > Threats and Tools > Address Resolution Protocol Poisoning

Categories

Address Resolution Protocol Poisoning

Address Resolution Protocol (ARP) poisoning is when an attacker sends falsified ARP messages over a local area network (LAN) to link an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is linked to an authentic IP address, the attacker can receive any messages directed to the legitimate MAC address. As a result, the attacker can intercept, modify or block communicates to the legitimate MAC address.

The term address resolution refers to the process of finding a MAC address that belongs to an assigned IP address for a computer in a network.

The address resolution protocol (ARP) is a protocol used by the Internet Protocol (IP), specifically IPv4, to map IP network addresses to the hardware addresses used by a data link protocol. The protocol operates below the network layer as a part of the interface between the OSI network and OSI link layer. It is used when IPv4 is implemented over Ethernet.

Learn More at our Ultimate Guide to Man in the Middle (MITM) Attacks and How to Prevent Them

  • What is ARP poisoning and how does it work?

    Address Resolution Protocol (ARP) poisoning is when an attacker sends falsified ARP messages over a local area network (LAN) to link an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is linked to an authentic IP address, the attacker can receive any messages directed to the legitimate MAC address. As a result, the attacker can intercept, modify or block communicates to the legitimate MAC address.

  • What is ARP attack in router?

    An ARP attack can be directed at “cheating” a host computer or a network router. If a router has the wrong MAC address for a given IP address, then all communications are routed to the wrong host.

  • What is ARP cache poisoning attack?

    In the ARP protocol, host computers connected to the network automatically cache any ARP replies they receive, regardless of whether they requested them, and without authenticating their source. This is a vulnerability in the protocol that enables ARP spoofing to occur by changing entries in the ARP cache.

  • What is a smurf attack in networking?

    The Smurf attack is a distributed denial-of-service attack where a large numbers of Internet Control Message Protocol (ICMP) packets are broadcast to a computer network from a spoofed source IP. Spoofing the source IP can be done using ARP poisoning.

  • What is MAC spoof?

    MAC spoofing is a technique for changing a hard-coded Media Access Control (MAC) address of a network interface controller (NIC) on a networked device. Changing the address is typically done by manipulating the software of the device driver. MAC spoofing is done to enable bypassing of access control lists on servers or routers by either hiding a computer on a network or by allowing it to impersonate another network device.

  • What is meant by replay attack?

    A replay attack is a form of network attack in which a valid data transmission is maliciously repeated or delayed. Man-in-the-middle attacks, including man-in-the-browser, can feature replay attack capabilities.

  • What Is ARP Spoofing?

    ARP spoofing is a type of attack in which an attacker sends false ARP (Address Resolution Protocol) messages over a local network (LAN). This results in the linking of an attacker’s MAC address with the IP address of a legitimate machine on the network. Once the attacker’s MAC address is linked to an authentic IP address, the attacker will begin receiving any data that is intended for that IP address, assuming the identity of the legitimate MAC address. ARP spoofing can enable malicious parties to intercept, modify or even stop data being transmitted between parties. ARP spoofing attacks only occur on local area networks that utilize the Address Resolution Protocol.