ARP Poisoning


ARP (Address Resolution Protocol) is a method to generates an IP (Internet Protocol) address from one or multiple hosts. TCP/IP (Transmission Control Protocol/Internet Protocol) shows that every single packet in this type of communication protocol must contains MAC (Media Access Control) address from sender and also receiver. This kind of information is stored in the header. It means that packets, e-mail for example, cannot be send or we will get a transmission errors if it doesn’t contains a MAC address in their header. Well of course you cannot send package without the recipient address right?

ARP works by broadcasting inside particular network and after it gets the information, ARP stores it inside a cache. This term cache means volatile. One day, there is a confidential e-mail that you only want someone can read it. This packet also include with a single unique IP and MAC address which are 63.8.8.64 for the IP and AE:19:D2:33:4B:FC for MAC. Now, what will happen if your ARP cache has been poisoned before it? The actual recipient that you want to be able to read is only a person who got an IP 65.8.8.66 Not 63.8.8.64!! Sorry to say that your e-mail is not confidential anymore.

How can it be?? It is positively confidential e-mail!! Simple. This is because your ARP cache is being poisoned and someone clone their MAC address (yes, it is possible) into AE:19:D2:33:4B:FC and so be recognized as a true recipient of your e-mail.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: