Currently, apart from the viruses that surf the Internet freely, waiting for an unsuspecting user to fall into their traps, there are people who are dedicated to trying to force their entry into other people’s computers. Today we present what is the ARP Poisoning, a very effective technique, although a little old, used by hackers to achieve their malicious objectives. How does that Poisoning APR work and what is it? We show it to you below.
The typical ARP Spoofing attack or ARP spoofing or impersonation (also called MitM on the link layer), allows to intercept and/or modify the communications between the equipment that are in the same network segment. This attack is especially dangerous, since it occurs after the attacker is already inside our network, has managed to avoid the possible security measures that we have implemented and will be able to access all the traffic of our network.
It should be noted that it is one of the most common attacks on public networks, such as WIFI’s of bars, restaurants, universities, etc.
How ARP Poisoning works?
The attack is based on the operation of the protocol DCHP, Dynamic Host Configuration Protocol, this protocol allows clients of an IP network to obtain the configuration parameters automatically.
Let’s try to summarize it
There is a list of dynamic IP addresses called ARP, which are assigned to the clients as they are free, linking said IP with the physical and real address of the machine called MAC. The attack consists of supplanting in that list, the physical or MAC address of the victim’s device (usually the gateway), by the attacker’s MAC address, being associated with the IP of the victim and therefore supplanting it.
After getting to impersonate the victim, the attacker will be able to intercept, modify or even retain data that is in transit, therefore it will have a wide control of the data traveling through the network.
At the beginning of this article, I commented that this type of attack allows intercepting communications between computers that are in the same network segment, this is not entirely true, since with a port theft in the router (an ARP poisoning but in the CAM or Content Addressable Memory of the router) can intercept the communications coming from the Internet (or another network) to the victim who is in another network segment, what we cannot do is poison the victim’s ARP cache, this It implies that it would only affect confidentiality and access control, not integrity.
To Get the Info on Anti Malware Software: Click Here
For more About the ARP Poisoning, visit: https://en.wikipedia.org/wiki/ARP_spoofing