current position:Home>Attack Science: ARP attack

Attack Science: ARP attack

2022-06-24 12:45:53Chen Bucheng I

One . Introduce

ARP The limitations of the attack ARP Attacks can only be on Ethernet ( LAN such as : Computer room 、 Intranet 、 Company network, etc ) Conduct . Can't access the Internet ( Internet 、 Non local area network ) The attack .

ARP The attack is through forgery IP Address and MAC Address implementation ARP cheating , Can produce a lot of ARP Traffic is blocking the network , The attacker just keeps sending out fake ARP The response package can change the target host ARP In the cache IP-MAC entry , Cause network interruption or man in the middle attack .

ARP The attack mainly exists in the LAN network , If there is a computer infection in the LAN ARP Trojan horse , Then the infection should be ARP The Trojan's system will try to pass “ARP cheating ” Means to intercept the communication information of other computers in the network , And this causes the communication failure of other computers in the network .

The attacker attacked the computer A Send a fake ARP Respond to , Tell the computer A: The computer B Of IP Address 192.168.0.2 Corresponding MAC The address is 00-aa-00-62-c6-03, The computer A for gospel truth , Write this correspondence into your own ARP The cache table , When sending data later , Send what should have been to the computer B The data was sent to the attacker . alike , The attacker attacked the computer B Also send a fake ARP Respond to , Tell the computer B: The computer A Of IP Address 192.168.0.1 Corresponding MAC The address is 00-aa-00-62-c6-03, The computer B It will also send data to the attacker .

At this point, the attacker took control of the computer A And computers B Flow between , He can choose to passively monitor traffic , Get passwords and other classified information , You can also forge data , Change the computer A And computers B The content of communication between .

Two . terms of settlement

ARP Static binding windows:

  1. # View the corresponding Idx, Record the current network access mode Idx Serial number X
  2. netsh i i show in
  3. # Do static binding
  4. # e.g. netsh -c "i i" add neighbors 1 "192.168.1.1" "FF-FF-FF-FF-FF-03"
  5. netsh -c "i i" add neighbors [X: Replace here with specific values ]" gateway IP"" gateway MAC Address "

Linux and macOS:

  1. # e.g. sudo arp -s 192.168.1.1 FF:FF:FF:FF:FF:03
  2. sudo arp -s " gateway "" gateway MAC"

copyright notice
author[Chen Bucheng I],Please bring the original link to reprint, thank you.
https://en.chowdera.com/2022/175/20210526152008264r.html

Random recommended