This is the most common way of creating confusion in the network.  This method also has an alias name as Address Resolution Protocol cache poisoning and Address Resolution Protocol poison routing. It is used to compromise a Local Area Network connection.

ARP Spoofing Vulnerabilities

This technique can be used to intercept frames and packets from the network channel and modify or completely block the traffic as well. But the limitation is that this attack can only be carried out only on those Networks which use ARP. Other methods are not affected by this technique.

ARP Spoofing Principle

The main principle is to forge the MAC address with the associate IP address of the victim HOST. Hence whenever there is a routing of any packet from or to the host machine the packet first comes to the forged system and then the attacker can easily view or modify the packet according to the wish and carry out the illicit task. This attack is also known as Man in the middle attack due to this reason.

Now if the victim’s machine is associated with a non existent MAC address the default gateway won’t be able to communicate to the host machine directly hence it will deny all services to the said host. This is somewhat like a Denial of Service Attack.

It is to be noted this task can only be done if the attacker is on the LAN connection or if he has direct access to the LAN. The best situation under which this can be lethal is when the LAN is on the verge of a wireless connection. If the encryption breaks the LAN security breaks as well and the attacker can be the worse night mare to the network.

ARP Spoofing Prevention Steps

The best part of this protocol is that it only acts when requested. If the request response system is configured correctly there is a higher chance of not being affected by this attack. Just keep a tab of the following conditions:

1. Allow response only when a request is sent
2. Configure firewall to intercept any unknown intrusion or request from an external IP address.
3. Keep a trace of the request log and run check patrol every once and while
4. Scan your network for any open end connection (Wireless check)
5. Fix IP slots and register every MAC to the Server (If possible)
6. Prevent MAC if not in the response list and make an alert immediately

ARP spoofing Tools for Attack and Defense

Following tools can be used for guarding against the ARP attack –

• Anti-ARP
• ARP Watch
• ARP guard
• ARP Defender
• ARP Inspection
• X-Arp
• Network Monitor Tools

Following tool can be used to carry out an ARP spoofing attacks –

• Wireshark
• DSniff
• Ethercap
• Arp-spy
• Arp-sniff
• Arpsniffer
• Network sniffer
• Arp-alert
• ProRAT
• Sub7

From the above mentioned program please be cautious while working with ProRAT and Sub 7. These programs are themselves infected and may bear the compromise code to the downloaded source.

If you are not an advanced user, and are not familiar with  the working architecture  of bugs and tools which are used for creating them please stay out of such things. We are not responsible for any damages incurred by the use of such tools.

Related Posts via Categories

• JoyToKey
• Free CD/DVD Burning Tools For Windows MAC Unix And Linux
• dwm.exe Process
• Top 30 Desktop Gadgets for Windows 7
• iSquint
• Safe Mode in Windows 7, Vista and XP
• Windows 7 God Mode
• igfxpers.exe
• Pando Media Booster Review
• Speed up Windows 7 with ReadyBoost