Man in the middle attack

Ask a question

ARP attack

One of the most famous man in the middle attacks involves exploiting a weakness in the ARP (Address Resolution Protocol), the goal of which is to help find the IP address of a machine by knowing the physical address (MAC address) of its network card.

The goal of the attack is to intercept two machines on the network and send each one a false ARP packet stating that the other machine's ARP address (MAC address) has changed, the ARP address provided being that of the attacker.

The two target machines will then update their dynamic table called the ARP Cache. We talk about ARP cache poisoning (sometimes ARP spoofing or ARP redirect) to refer to this type of attack.

As such, every time one of the two machines wishes to communicate with the remote machine, the packets will be sent to the attacker, who will transparently send them to the receiving machine.


Latest update on October 16, 2008 at 09:43 AM by Jeff.

This document, titled "," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (