
Layer 2 MAC Spoofing Man in the Middle

DANMOH009 Member Posts: 241
I've been reading that a Layer 2 man-in-the-middle attack can involve a Layer 2 device spoofing the MAC address of the default gateway, and then it can view what packets are sent for local communication.

Now something which confuses me is that if the attacker spoofs the MAC of the DG, all devices will send info to the attacker; however, what about the legitimate MAC address of the default gateway? As this does not change, does this not mean that there are 2 MAC addresses that the computers can send to? If so (which I doubt is the case), how does the sending device send to the attacker's MAC rather than the original DG's MAC?

Cheers

Comments

  • SecurityThroughObscurity Member Posts: 212
    After the CAM is overwritten with the attacker's MAC, all the packets destined for the actual host will be diverted to the attacker. But the CAM will be overwritten again with the legitimate MAC as soon as the switch receives a frame from the legitimate host.

    If you want to spoof the DG then you need to perform ARP poisoning.
  • DANMOH009 Member Posts: 241
    Ahh OK, so it's constantly changing/overwriting. I take it with ARP poisoning it works the same.
  • SecurityThroughObscurity Member Posts: 212
    ARP poisoning works differently.
    When a host sends out a broadcast ARP request to find the MAC address of a particular host, an ARP response comes from the host whose address matches the request. The ARP response is cached by the requesting host.
    ARP cache poisoning can occur because ARP allows a gratuitous reply from a host even if an ARP request was not received.
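
The behaviour described in the last reply, seen from the monitoring side: an added example, not part of the original thread, that parses ARP frames and flags replies that answer no request and IP-to-MAC bindings that change. The helper `frame()`, the addresses and the sample frames are constructed for illustration.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(map(str, b))

def parse_arp(frame):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": _mac(frame[22:28]), "spa": _ip(frame[28:32]),
            "tpa": _ip(frame[38:42])}

def detect(frames):
    """Flag ARP replies nobody asked for and IP-to-MAC bindings that change."""
    bindings, pending, alerts = {}, set(), []
    for n, raw in enumerate(frames, 1):
        a = parse_arp(raw)
        if a is None or a["spa"] == "0.0.0.0":    # not ARP, or an address probe
            continue
        if a["op"] == 1:
            pending.add((a["spa"], a["tpa"]))      # (asker, address asked for)
        elif a["op"] == 2:
            key = (a["tpa"], a["spa"])
            if key not in pending:  # legitimate gratuitous ARP lands here too
                alerts.append((n, "unsolicited-reply", a["spa"], a["sha"]))
            pending.discard(key)
        known = bindings.setdefault(a["spa"], a["sha"])
        if known != a["sha"]:       # requests carry a sender binding as well
            alerts.append((n, "binding-changed", a["spa"], f"{known} -> {a['sha']}"))
            bindings[a["spa"]] = a["sha"]
    return alerts

def frame(op, sha, spa, tha, tpa):
    """Build one constructed sample frame in memory (all addresses made up)."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    i = lambda s: bytes(map(int, s.split(".")))
    dst = b"\xff" * 6 if op == 1 else h(tha)
    return (dst + h(sha) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + h(sha) + i(spa) + h(tha) + i(tpa))

GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE = [
    frame(1, HOST, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),  # who has .1?
    frame(2, GW, "192.0.2.1", HOST, "192.0.2.10"),     # the solicited answer
    frame(2, OTHER, "192.0.2.1", HOST, "192.0.2.10"),  # reply to no request
    frame(1, GW, "192.0.2.1", "00:00:00:00:00:00", "192.0.2.10"),  # binding flips back
]
```

On the sample, `detect(SAMPLE)` raises two alerts for the third frame and a third alert when the gateway's own traffic moves the binding back, which is the back-and-forth overwriting discussed in the thread.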