Friday, February 10, 2012

ARP spoofing (address resolution protocol)

Comments

ARP is the Address Resolution Protocol, which allows the translation of IP addresses into MAC addresses, which are nothing but the hardware addresses. So assume that I am working on some LAN network and I want to connect to some other Host X. My IP sends the request to connect, but to find the Host X, it first needs the MAC address of the Host X. So my IP starts looking in its ARP cache if it has any entry for the Host X. If not, my IP sends the ARP request asking “Yo, who has this IP address I’m looking for?” As soon as Host X listens to this call, it responds to my IP with its MAC address and thereafter the connection gets established.
So the spoofing basically deals with how we can spoof the response to the call. When my IP sends the call, asking for who owns the IP address, the attacker poisons the host and responds that I am Host X, you want to connect to. There it is. I think that I am connected to the Host X, but am not. My every request now passes on to the attacker, who then forwards the request further to the Host X. The Host X too sends back the response to the attacker, who forwards further back to me. This is known as ARP Spoofing/Poisoning. Whatever crucial data are exchanged between me and the Host X, the attacker can easily see all of them.

Here I explained about poisoning the hosts, but what if the attacker poisons the common gateway used by all of the hosts on the complete LAN network. The attacker now starts acting as the common gateway, forwarding all of the received data packets to the actual gateway. Each and every piece of the exchanged data packets get clearly exposed to the attacker.

Though this method is quite older. Yet the concepts are still very interesting and worth knowing.....
Related Posts Plugin for WordPress, Blogger...