ARP Spoofing, the Most Dangerous Attack! What Is It, and How Do You Deal with It?
ARP spoofing is a type of attack that targets networks at Layer 2 of the OSI model. It is one of the most dangerous and common network attacks, and it leads to the so-called Man in the Middle (MITM) attack.
For your information:
Before two devices on the same network can communicate, each must first learn the other's MAC address, or physical address. This is the job of the ARP protocol, whose primary function is to send an ARP Request as a broadcast. The request asks for the physical address (MAC address) that belongs to a specific IP address, and the broadcast spreads across the network until it reaches the device with that IP. That device then answers with its MAC address in an ARP Reply, but this time the response is different: it is unicast. Once this exchange completes successfully, the devices start communicating.
How does the attack work?
The idea behind the attack is often one of the simplest in hacking. Once the reply has been received, the MAC address and the IP address are stored in a table called the ARP table, so that later lookups are easier. These entries are usually temporary and are lost once the device is shut down. This is where the attacker comes in: he simply sends a fake ARP Reply to a device on the network, as if that device had issued an ARP Request itself. The victim then starts sending its data to the attacker as though he were the router, so all of its data traffic passes through the attacker's machine.
In this way, the attacker turns his device into what is known as the man in the middle (MITM).
A simplified explanation of the above:
Your device is connected to the router, and the router is connected to the Internet. Your device sends a request to access a specific site, the router connects to the site, and the site responds. Once the ARP spoof has taken place, a spy sits at the first stage of this path: the device you take to be the router that returns the response to your request is now a spying tool, and it sees everything that happens between you and the router very smoothly.
Which tools are used in ARP spoofing and MITM?
Many tools are used in this attack, but the most famous are dsniff, Ettercap, and NetCut, although NetCut does not carry out the MITM attack itself; it only changes the gateway. Keep in mind that these programs do not require a high level of expertise to use.
How do you protect your computer from these attacks?
The best way to protect your computer from these attacks is to set a static ARP entry for the gateway on public or open networks, or to use specialized software to change your MAC address before connecting to suspicious or public networks.
However, if you are connecting to a remote server, you must use SSH, which provides complete confidentiality of your data. There are also programs that let you monitor and track your network traffic, including XArp and Snort, which watch for the mapping changes that occur in the ARP cache.
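
The ARP cache monitoring described above can be sketched as follows. This is an added example, not code from the original article or from XArp or Snort: it parses raw ARP payloads, tracks IP-to-MAC bindings, and reports replies nobody asked for and bindings that change. The names (parse_arp, ArpMonitor, build) and all addresses are hypothetical, constructed for the illustration.

```python
import struct

ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(payload: bytes):
    """Parse a 28-byte Ethernet/IPv4 ARP payload into (op, sender_mac, sender_ip, target_ip)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return op, sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa))

class ArpMonitor:
    """Tracks IP-to-MAC bindings and outstanding requests (hypothetical watcher)."""
    def __init__(self, static=None):
        self.table = dict(static or {})   # ip -> mac; static entries are never overwritten
        self.pinned = set(self.table)
        self.pending = set()              # IPs that some host has asked about

    def observe(self, payload: bytes):
        op, mac, ip, target_ip = parse_arp(payload)
        alerts = []
        if op == ARP_REQUEST:
            self.pending.add(target_ip)
        elif op == ARP_REPLY:
            if ip not in self.pending:
                alerts.append(f"unsolicited reply for {ip} from {mac}")
            self.pending.discard(ip)
        known = self.table.get(ip)
        if known and known != mac:
            alerts.append(f"{ip} moved from {known} to {mac}")
        if ip not in self.pinned:
            self.table[ip] = mac          # a dynamic cache accepts the new binding
        return alerts

def build(op, sha, spa, tha, tpa):
    """Build an ARP payload in memory for the constructed sample below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(map(int, a.split(".")))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

# Constructed sample: host asks for the gateway, gateway answers, then a forged reply arrives.
GW_IP, GW_MAC = "192.168.1.1", "02:00:00:00:00:01"
HOST_IP, HOST_MAC, ROGUE_MAC = "192.168.1.10", "02:00:00:00:00:10", "02:00:00:00:00:66"
REQUEST = build(ARP_REQUEST, HOST_MAC, HOST_IP, "00:00:00:00:00:00", GW_IP)
REPLY = build(ARP_REPLY, GW_MAC, GW_IP, HOST_MAC, HOST_IP)
FORGED = build(ARP_REPLY, ROGUE_MAC, GW_IP, HOST_MAC, HOST_IP)

def demo():
    monitor = ArpMonitor()
    return [monitor.observe(frame) for frame in (REQUEST, REPLY, FORGED)]
```

Unsolicited replies also occur legitimately as gratuitous ARP, so the binding change is the stronger signal. Passing static={GW_IP: GW_MAC} models the static gateway entry: the alert still fires, but the stored binding is not replaced.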