ARP spoofing
ARP spoofing, also known as ARP poisoning, is a technique used by crackers to sniff frames on a switched LAN or to stop the traffic on the LAN.
The principle of ARP spoofing is to send fake ARP replies to the LAN. The frame contains a different MAC address than the one belonging to the sending machine. This confuses network devices, such as switches, and as a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or to an unreachable host (denial of service).
IPv6, IPsec and static ARP records are methods to defend against ARP spoofing attacks.
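A monitoring host can also detect the fake replies described above. The following is an added example, not part of the original article: it parses captured Ethernet II ARP replies and flags those whose sender MAC disagrees with the Ethernet source address or contradicts an earlier IP-to-MAC binding. The function names, the `static` parameter and all sample addresses are assumptions constructed for illustration.

```python
import struct

# Constructed sample frames (Ethernet II + ARP reply), locally administered MACs.
SAMPLE_FRAMES = [bytes.fromhex(h) for h in (
    # genuine reply: 192.168.1.1 is-at 02:00:00:00:00:01
    "02000000000a 020000000001 0806 0001 0800 06 04 0002"
    " 020000000001 c0a80101 02000000000a c0a8010a",
    # second reply rebinds 192.168.1.1 to 02:00:00:00:00:66
    "02000000000a 020000000066 0806 0001 0800 06 04 0002"
    " 020000000066 c0a80101 02000000000a c0a8010a",
    # Ethernet source 02:..:66 disagrees with ARP sender 02:..:14
    "02000000000a 020000000066 0806 0001 0800 06 04 0002"
    " 020000000014 c0a80114 02000000000a c0a8010a",
)]

def parse_arp_reply(frame):
    """Return (eth_src, sender_mac, sender_ip) for an IPv4 ARP reply, else None."""
    if len(frame) < 42:
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, oper, sha, spa = struct.unpack("!HHBBH6s4s", frame[14:32])
    if (ethertype, htype, ptype, hlen, plen, oper) != (0x0806, 1, 0x0800, 6, 4, 2):
        return None
    return eth_src, sha, spa

def detect(frames, static=None):
    """Flag replies that contradict a known IP-to-MAC binding or their own header."""
    bindings = dict(static or {})   # preloaded entries act like static ARP records
    alerts = []
    for index, frame in enumerate(frames):
        parsed = parse_arp_reply(frame)
        if parsed is None:
            continue
        eth_src, sha, spa = parsed
        ip = ".".join(str(b) for b in spa)
        mac = sha.hex(":")
        if eth_src != sha:
            alerts.append((index, "src-mismatch", ip, mac))
        if bindings.setdefault(ip, mac) != mac:   # first binding seen is kept
            alerts.append((index, "rebind", ip, mac))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_FRAMES):
        print(alert)
```

Passing known-good bindings through `static` mirrors the static ARP records mentioned above: any reply that disagrees with a preloaded entry is reported as a rebind.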
See also
Some popular ARP spoofing tools
- ARPToxin (http://www.phrite.net/default.php?page=tools&id=1) - ARP poisoning tool for Microsoft Windows