We know that a host computer saves and updates its local ARP cache table under the following two conditions:

From this we can see that the ARP protocol doesn't require authentication. Thus, any host computer on a LAN is able to counterfeit ARP packets freely, which exposes a serious inherent flaw in the ARP protocol.

Suppose there are three host computers on a LAN (GW means gateway here). The host names, IP addresses and MAC addresses are as follows:
HostName  IP           MAC
GW        192.168.0.1  01-01-01-01-01-01
PC02      192.168.0.2  02-02-02-02-02-02
PC03      192.168.0.3  03-03-03-03-03-03

Under normal conditions, the data stream from host computer PC02 to GW and their respective ARP cache tables are as shown in the following illustration:
In order to accomplish some aim, the attacker's computer PC03 decides to carry out an ARP spoofing attack. First, PC03 sends an ARP packet to PC02, telling PC02: "Hey, this is 192.168.0.1, my MAC address is 03-03-03-03-03-03". Then PC03 also sends an ARP packet to GW, saying: "Hey, this is 192.168.0.2, my MAC address is 03-03-03-03-03-03". Thus, the data stream from host computer PC02 to GW and their respective ARP cache tables change into what is shown in the following illustration:
From the chart above we can see that after ARP spoofing, all the data between host computer PC02 and GW passes through PC03, which means that PC03 controls all the communication data between them. The above is the process and effect of an ARP spoofing attack.
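Because ARP itself cannot authenticate a sender, the two forged announcements described above can only be caught by comparing them with bindings that are already trusted. The following is an added example, not code from the original page: a small monitor that parses ARP payloads and flags a changed IP-to-MAC binding or a MAC claiming a second IP. The function and class names are hypothetical, the baseline is the host table above, and the three packets are constructed sample data.

```python
import struct
from ipaddress import IPv4Address

# ARP payload (RFC 826): htype, ptype, hlen, plen, oper, sender MAC/IP, target MAC/IP
ARP_FMT = "!HHBBH6s4s6s4s"
ETH_IPV4 = bytes.fromhex("000108000604")  # htype=1, ptype=0x0800, hlen=6, plen=4

def build_reply(sender_ip, sender_mac, target_ip, target_mac):
    """Build a constructed 28-byte ARP reply (oper=2) for the sample stream."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2,
                       bytes.fromhex(sender_mac.replace("-", "")), IPv4Address(sender_ip).packed,
                       bytes.fromhex(target_mac.replace("-", "")), IPv4Address(target_ip).packed)

def parse_sender(payload):
    """Return the (sender IP, sender MAC) binding that an ARP payload announces."""
    if len(payload) < struct.calcsize(ARP_FMT) or payload[:6] != ETH_IPV4:
        raise ValueError("not a complete Ethernet/IPv4 ARP payload")
    sha, spa = struct.unpack_from("!8x6s4s", payload)  # skip header and oper
    return str(IPv4Address(spa)), "-".join(f"{b:02X}" for b in sha)

class ArpMonitor:
    def __init__(self, baseline):
        self.bindings = dict(baseline)  # trusted IP -> MAC

    def observe(self, payload):
        """Return alerts for one payload; a binding is learned only if clean."""
        ip, mac = parse_sender(payload)
        alerts = []
        known = self.bindings.get(ip)
        if known is not None and known != mac:
            alerts.append(f"{ip} is bound to {known} but was announced as {mac}")
        others = sorted(i for i, m in self.bindings.items() if m == mac and i != ip)
        if others:
            alerts.append(f"{mac} already owns {', '.join(others)} and now claims {ip}")
        if not alerts:
            self.bindings[ip] = mac
        return alerts

# Trusted baseline: the host table from this page.
BASELINE = {"192.168.0.1": "01-01-01-01-01-01", "192.168.0.2": "02-02-02-02-02-02",
            "192.168.0.3": "03-03-03-03-03-03"}

def run_sample():
    stream = [  # constructed: one honest gateway reply, then the two forged replies
        build_reply("192.168.0.1", "01-01-01-01-01-01", "192.168.0.2", "02-02-02-02-02-02"),
        build_reply("192.168.0.1", "03-03-03-03-03-03", "192.168.0.2", "02-02-02-02-02-02"),
        build_reply("192.168.0.2", "03-03-03-03-03-03", "192.168.0.1", "01-01-01-01-01-01")]
    monitor = ArpMonitor(BASELINE)
    return [monitor.observe(p) for p in stream]
```

The monitor refuses to learn a binding that raised an alert, so the trusted table keeps the gateway's real MAC address after the forged announcement.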