No announcement yet.

ARP Cache Poisoning

  • Filter
  • Time
  • Show
Clear All
new posts

  • ARP Cache Poisoning

    ARP is responsible for translating (layer 3) IP addresses to MAC (layer 2) addresses. The relationship between IP addresses and MAC addresses are stored in cache on all IP enabled devices. An ARP cache poisoning attack overwrites a victim's ARP cache using gratuitous ARP replies thereby redirecting traffic to a host of the attackers choosing, usually the attacker's computer. This puts the attacker in the middle of all communications between the victim and the authenticated host. The goal is to manipulate the traffic flow based on the IP to MAC address mapping.
    In a local network, it being a subnet or VLAN, computers actually communicate using the physical addresses and the IP address is only used by one peer to determine the MAC address of the other peer in the conversation. Sometimes proxy ARP is in play and this is when one device such as a router responds to an ARP request on the behalf of another device.
    Certified Security Geek