Thursday, April 27, 2017

ARP Cache Poisoning

ARP cache poisoning is usually a part of a man-in-the middle attack. The ARP cache
contains IP address to MAC address mappings that a device has learned through the ARP
process. One of the ways this cache can be poisoned is by pinging a device with a spoofed
IP address. In this way, an attacker can force the victim to insert an incorrect IP address
to MAC address mapping into its ARP cache. If the attacker can accomplish this with
two computers having a conversation, they can effectively be placed in the middle of the
transmission. After the ARP cache is poisoned on both machines, they will be sending data
packets to the attacker, all they while thinking they are sending them to the other member
of the conversation.