Abusing address resolution

The address resolution protocol exists as a service that translates IP addresses
into MAC addresses.
Hosts make ARP requests to obtain information about the MAC address associated with a given IP address.
A host will broadcast a message across the entire local network segment, hoping to receive a response from the host associated with the requested IP address.
The fundamental flaw in the address resolution protocol is that it inherently lacks any form of authentication and message integrity.
This means that, when a response is received for a MAC address lookup, the receiving host has no way of determining its origin, and is left to blindly assume it comes from the correct host. To an attacker, what this means is that you can convince devices to forward you packets that are actually intended for another user by forging responses to ARP requests.
Kali Linux has a tool that helps facilitate ARP abuse; it's called ArpSpoof and following is the usage specification for it:

arpspoof [-ictr] [GATEWAY]

Comments

Popular Posts