ARP spoofing - ARP attack



When computers exchange data with each other, the so-called IP-address comes to play. It is a logical address, to which data packets are sent. Next to this, each computer - or more correctly its network card - has an unique physical address, the MAC-address. The ARP-tables define the connection between these two addresses (ARP = address resolution protocol). Each logical IP-address has its physical MAC-address counterpart. If any of these table entries are exchanged, so-called man-in-the-middle attacks become possible. This means that data streams are routed unnoticed via the attacker's computer. Here the data can be read or manipulated.

In the meantime there are even attacking tools available on the Internet. Every skilled network administrator can execute professional ARP attacks. Without any precautionary measures by the organisation that is running the network, the risk for the attacker to become unveiled is close to zero. Encryption, like used e.g. with online banking, is not offering any protection against ARP attacks. ARP spoofing attacks are operated either from within the network, for instance by employees or contractors, or a small device can be installed within the network and the attacker controls this device remotely. Placing the network device does not require any specific skills, cleaning personnel or housebreakers are sufficient.

ARP spoofing is a particularly refined method to attack computer networks of all kind. It should be noted that attacks of this kind are almost impossible to detect.


Knowledge by 3MFuture.