Arp spoofing

Posted on by Mosaico

Attack description

Arp spoofing(aka falsification) is an attack that affects the tcp/ip link layer.

Weaknesses exploited


This attack exploits the arp protocol’s main vulnerability: its statelessness.

This means that the arp protocol was designed to work without a memory, only by relying on what is read i the received packet.

Attack mechanism

 

Which tools implement this attack?

Ettercap.

This tool implements the attack by sending a crafted packet to the victim.

Threat actor’s advantages

This attack can enable a malicious actor toperform a man in the middle attack, which can lead to eavesdropping on the exchanged packets or to a dos attack.

Also the switch’s arp table can be flooded, leading to dos.

With this attack the threat actor could impersonate the gateway.

Mitigations

Set the arp tables entries as static.

Leave a Reply

Your email address will not be published. Required fields are marked *