arp poisoning
GHOSTRIDER2016
Member Posts: 35 ■■□□□□□□□□
in Network+
Guys,
I understand that arp spoof/poisoning involves an attacker intercepting a computers request for a mac address say for example from a router and responding with their mac address and believe their ip address. Thus the attacker fools the legitimate machine into thinking it is the router.
Whats baffling to me is why would the machine report to the attackers machine rather then the routers machine ?
Thanks
I understand that arp spoof/poisoning involves an attacker intercepting a computers request for a mac address say for example from a router and responding with their mac address and believe their ip address. Thus the attacker fools the legitimate machine into thinking it is the router.
Whats baffling to me is why would the machine report to the attackers machine rather then the routers machine ?
Thanks
Comments
-
636-555-3226
Member Posts: 975 ■■■■■□□□□□
the victim machine thinks the attacker's machine IS the router.
attacker keeps hammering victim with fake arp messages trying to poison (confuse) victim's arp tables.
cisco has at least one mitigation for this called Dynamic ARP Inspection (DAI)
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/dynarp.html
cain & scapy can both do arp spoofing, but it's been so long since i've done it i'd tell you to just google or youtube for walk-throughs