MITM Attack 1: Understanding ARP Poisoning

In the modern world, computers are a very essential part of our life. So, the security of a computer is important because it protects your information. The main purpose of computer security is the detecting and preventing unauthorized access to computer systems. The man-in-the-middle attack is one of the most common cyberattacks. ARP poisoning is an implementation of the man-in-the-middle attack. In this article, I will explain about these cyberattacks, how it works, and how to prevent from it.

Man In The Middle Attack (MITM Attack)

As the name suggests, some unauthorized person inserts himself on communication between two devices and reads the traffic without anyone noticing. Usually, those two devices are your laptop and the WiFi router. If you are not using a secure network, the middle man can spy on your network traffic.

  • DNS spoofing
  • HTTPS spoofing
  • Wi-Fi eavesdropping

ARP Poisoning

Before jump into the ARP poisoning attack, you need to understand how the ARP works.

ARP (Address Resolution Protocol)

When considering data transmission, there are two types of addressing called ‘logical addressing’ and ‘physical addressing’.

  • Physical addressing — using the MAC address in the data link layer
ARP request as a broadcast
ARP reply as a unicast

How to Detect an ARP Poisoning Attack?

You can use this command to check the ARP cache. When the results have two IP addresses(dynamic) for the same MAC address, it means the computer under an ARP poisoning attack.

arp -a

Basic steps for ARP poisoning

Let’s see the steps to get a basic idea about ARP poisoning. I will take the previous example to explain this attack. You should remember, this is just for your information. Do not try to make trouble anyone.

  1. Then Chris needs to use use a spoofing tool, such as Ettercap, Arpspoof. If he connected to the common network, he can find the targets. (select the Jee’s laptop as one target and the router as another target.)
Select targets on Ettercap
Select attack method as ARP poisoning
Wireshark application

How to Prevent ARP Poisoning Attacks?

Static ARP Table — The ARP protocol allows to map manually IP addresses and MAC addresses of all the devices. So, the devices not able to listen to ARP responses from other devices.

BSc. (Hons) in Engineering, Associate Software Engineer at Virtusa