What Is ARP Poisoning?
ARP (Address Resolution Protocol) poisoning is an attack technique in which an attacker compromises a LAN by sending falsified ARP messages that modify the ARP cache of a legitimate server or computer, linking the MAC (Media Access Control) address of the attacker's own computer or server to the target. Once the attacker's MAC address is linked to the target server, the attacker receives every message sent to the victim's server. With ARP poisoning, attackers can read, change and even block all communication sent to a legitimate server.
Because the ARP messages are forged, the target server or computer unknowingly sends frames to the attacker's computer instead of transmitting them to the original destination. ARP poisoning compromises user data and privacy. It is also called ARP poison routing or ARP cache poisoning.
How Does ARP Poisoning Work?
An effective ARP poisoning attack remains undetectable to end users. Since the end user is unaware of the ARP poisoning, he will browse the internet normally while the attacker collects data from the session. The data collected may include passwords, banking accounts, emails and websites. The method used is the infamous man-in-the-middle (MITM) attack.
How does this happen? The attacker sends a forged ARP request to the gateway router. The gateway router is now tricked into thinking that the route to any PC on the subnet has to pass through the attacker's PC. At the same time, all hosts on the subnet think that the attacker's PC/MAC is the actual gateway, and they send all traffic and information to this computer. The attacker's PC, however, forwards all this data to the gateway.
Therefore, one attacker PC sees all traffic on the network. If the attack is aimed at a single PC, the attacker can spoof only that victim's PC, so that only that machine on the network is affected. The attacker's PC has to be really fast, as the gateway has large routing tables and many sessions are running in parallel. Most regular PCs cannot handle such a large inflow of data, and this causes the network to freeze or crash: the attacker's PC is not capable enough, and packets are dropped because it cannot keep up with the large volume of data.
How To Dodge ARP Poisoning?
Most people assume that using a PC from the safe corner of their home is the best option. Here is some news for them: unless you have a firewall installed on the internet connection, there is always a danger of outbound data from your home PC being spoofed. If you are using wireless, it is important to encrypt it; otherwise you will draw undue attention from attackers. To prevent an attacker from spoofing the gateway, there are various utilities that can be used to monitor the ARP cache of a machine to see if there is any duplication for a machine.
However, the best way to secure a network against sniffing is encryption. You may not be able to stop attackers from sniffing, but the data they receive will be uninterpretable. Also, on a switched network, the chances are that ARP spoofing would be used for sniffing purposes. To prevent the attacker from spoofing the default gateway, you must permanently add the gateway's MAC address (a static ARP entry) and clear the ARP cache.
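One way to implement the ARP cache check described above, as an added example that is not part of the original article: it parses `ip neigh` or `arp -a` output, flags a MAC address that answers for more than one IP, and compares the gateway entry with a known-good MAC. The sample table, all addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")

# Constructed sample mixing Linux `ip neigh` lines and Windows `arp -a` lines.
SAMPLE = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.23 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.40 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.1.77 dev eth0  FAILED
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

def parse_arp_table(text):
    """Return {ip: mac} for every line that carries both an IPv4 and a MAC."""
    entries = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header line, or an incomplete/FAILED entry
        mac = mac.group(1).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:  # broadcast/multicast MACs map to many IPs
            continue
        entries[ip.group(1)] = mac
    return entries

def find_shared_macs(entries):
    """Return {mac: [ips]} for MACs seen behind more than one IP (needs review)."""
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}

def gateway_mismatch(entries, gateway_ip, expected_mac):
    """True when the cached gateway MAC differs from the known-good one."""
    seen = entries.get(gateway_ip)
    return seen is not None and seen != expected_mac.lower().replace("-", ":")

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE)
    print("shared MACs:", find_shared_macs(table))
    print("gateway changed:", gateway_mismatch(table, "192.168.1.1", "52-54-00-AB-CD-EF"))
```

A shared MAC is a signal to investigate, not proof of poisoning: a host with several IP addresses or a proxy-ARP router produces the same pattern.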
Other suggestions, besides clearing the ARP cache, include using SSH instead of telnet and HTTPS instead of HTTP. For those concerned about email privacy, there are different websites that allow encryption of email data during transit, such as Hushmail.com and gnupg.org, so that sniffers cannot read your emails.
Prevention is the only cure when it comes to ARP cache poisoning. Guard up before it’s too late.