Filter
Top Products
xStack® DGS-3420 Series Layer 2 Managed Stackable Gigabit Switch CLI Reference Guide
901
How ARP Spoofing Attacks a Network
ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which
may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether
(known as a Denial of Service – DoS attack). The principle of ARP spoofing is to send the fake, or
spoofed ARP messages to an Ethernet network. Generally, the aim is to associate the attacker's or
random MAC address with the IP address of another node (such as the default gateway). Any
traffic meant for that IP address would be mistakenly re-directed to the node specified by the
attacker.
Figure 10 – ARP Spoofing
The IP spoofing attack is caused by Gratuitous ARP that occurs when a host sends an ARP
request to resolve its own IP address. Figure 10 shows a hacker within a LAN to initiate ARP
spoofing attack.
In the Gratuitous ARP packet, the “Sender protocol address” and “Target protocol address” are
filled with the same source IP address itself. The “Sender H/W Address” and “Target H/W address”
are filled with the same source MAC address itself. The destination MAC address is the Ethernet
broadcast address (FF-FF-FF-FF-FF-FF). All nodes within the network will immediately update
their own ARP table in accordance with the sender’s MAC and IP address. The format of a
Gratuitous ARP packet is shown in Figure 11.
Figure 11 – Gratuitous ARP Packet