ARP Poisoning - HACKING 17 Most Dangerous Hacking Attacks (2017)

Chapter 3 – ARP Poisoning

A man-in-the-middle attack can come in many forms, as I mentioned before, but the most common implementation is ARP poisoning.

ARP Poisoning

Before introducing the technique of ARP poisoning, you should understand the basics of ARP: its purpose and how it functions. You are not required to become an ARP expert; the bare minimum is to know some basics.

ARP stands for Address Resolution Protocol. The purpose of this protocol is to translate IP addresses to the MAC addresses (physical addresses) of all the networking devices that reside on the LAN (Local Area Network).

To run this command on the Windows operating system, open a command line interface and type arp -a

Finding the command line is easy: on any Windows operating system, click on the Windows Start menu, type Command Prompt in the search field, and press Enter to launch it.

Next, just type arp for further details:

As you can see, there are a few more options related to the arp command, such as:

• arp -a > Displays the current ARP entries that this computer is aware of on this network, listing both the IP addresses and the MAC addresses of those devices.

• arp -d > Deletes the ARP entry for the host that we specify.

• arp -s > Adds a host entry and associates its IP address with a MAC address.

• arp -v > Displays the current ARP entries in verbose mode; all invalid entries and entries on the loopback interface are shown as well.

I am only trying to explain some basics, along with the variations and options that are available with ARP. It is not mandatory to know everything.

Instead, what you have to understand is that computers and networking devices on the same network get to know each other by building an ARP table, which they reference to locate each other on the network.

This is all great. However, hackers take advantage of ARP tables by introducing themselves on the network with fake MAC addresses, making computers believe that they are the new router. As a result, the real ARP table is poisoned.

Once the ARP table has been poisoned by the man in the middle, the computer believes that the route to the internet now goes through a new address. Therefore, everything goes through the attacker.

I have demonstrated a few different ways to become a man in the middle using Back|Track or Kali Linux in Volume 2 and Volume 3, on both wired and wireless networks, so I will not get into any more specifics here. A man-in-the-middle attack can be achieved in many different ways. The concepts are always the same; what differs is the purpose for which the attacker or penetration tester uses the method.