Sunday, February 7, 2010

ARP Spoofing


ARP spoofing is a horrendous attack vector. It is very easy to implement and can have disastrous effects on a local network.
The theory behind ARP spoofing is that since ARP replies are not verified or
checked in any way, an attacker can send a spoofed ARP reply to a victim
machine, thereby poisoning its ARP cache. Once we control the ARP cache, we
can redirect traffic from that machine at will, even in a switched environment.
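
Because nothing in ARP authenticates a reply, the practical check on the defending side is to watch for replies nobody asked for and for an IP address that suddenly maps to a different MAC. The following is an added example, not part of the original post; the names parse_arp, ArpWatch, sample and demo are hypothetical, and the frames are constructed from documentation addresses rather than captured traffic.

```python
import socket
import struct
# 28-byte ARP payload for Ethernet/IPv4 (RFC 826): header, sender MAC/IP, target MAC/IP
ARP = struct.Struct("!HHBBH6s4s6s4s")
REQUEST, REPLY = 1, 2

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < ARP.size:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = ARP.unpack(payload[:ARP.size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

class ArpWatch:
    """Tracks IP-to-MAC bindings and reports the symptoms of cache poisoning."""
    def __init__(self):
        self.bindings = {}    # ip -> first MAC seen claiming it
        self.pending = set()  # (requester_ip, requested_ip) awaiting a reply
    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return []
        oper, mac, sender_ip, target_ip = parsed
        alerts = []
        if oper == REPLY:
            # A legitimate reply answers target_ip's earlier request for sender_ip.
            if (target_ip, sender_ip) not in self.pending:
                alerts.append(f"unsolicited reply: {sender_ip} is-at {mac}")
            self.pending.discard((target_ip, sender_ip))
        elif oper == REQUEST:
            self.pending.add((sender_ip, target_ip))
        known = self.bindings.setdefault(sender_ip, mac)
        if known != mac:
            alerts.append(f"binding change: {sender_ip} was {known}, now {mac}")
        return alerts

def sample(oper, sha, spa, tha, tpa):
    """Build a constructed ARP payload for the demo (not captured traffic)."""
    return ARP.pack(1, 0x0800, 6, 4, oper, bytes.fromhex(sha), socket.inet_aton(spa),
                    bytes.fromhex(tha), socket.inet_aton(tpa))

def demo():
    gw, host, other = "02aaaaaaaa01", "02aaaaaaaa02", "02aaaaaaaa99"
    frames = [sample(REQUEST, host, "192.0.2.10", "00" * 6, "192.0.2.1"),
              sample(REPLY, gw, "192.0.2.1", host, "192.0.2.10"),
              sample(REPLY, other, "192.0.2.1", host, "192.0.2.10")]
    watch = ArpWatch()
    return [watch.observe(f) for f in frames]
```

Gratuitous ARP announcements and DHCP lease changes raise the same alerts, so treat them as leads to correlate with switch and DHCP logs rather than as verdicts.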

Ettercap

As usual, customized tools have been created for initiating ARP spoofing attacks.
A nice tool to check out for Windows platforms is Cain & Abel, found on
http://www.oxid.it/. This is a powerful tool capable of sniffing, ARP spoofing,
DNS spoofing, password cracking and more.
My favorite ARP spoofing tool is Ettercap. As described by its authors, Ettercap is
a suite for man in the middle attacks (MITM) on the LAN. It features
sniffing of live connections, content filtering on the fly and many other
interesting tricks. It supports active and passive dissection of many protocols
(even ciphered ones) and includes many features for network and host analysis.
Let's get Ettercap up and running.
