Man in the middle attack

Latest update on Thursday 16 October 2008 à 09:43 by Jean-François Pillou.

ARP attack

One of the most famous man in the middle attacks involves exploiting a weakness in the ARP (Address Resolution Protocol), the goal of which is to help find the IP address of a machine by knowing the physical address (MAC address) of its network card.

The goal of the attack is to intercept two machines on the network and send each one a false ARP packet stating that the other machine's ARP address (MAC address) has changed, the ARP address provided being that of the attacker.

The two target machines will then update their dynamic table called the ARP Cache. We talk about ARP cache poisoning (sometimes ARP spoofing or ARP redirect) to refer to this type of attack.

As such, every time one of the two machines wishes to communicate with the remote machine, the packets will be sent to the attacker, who will transparently send them to the receiving machine.

Ask a question
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM.net. CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
Related
This document, titled « Man in the middle attack », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).