Tuesday, July 27, 2010

Critical Issues

Recently I fixed a critical issue at work. The end user was unaware of ARP poisoning and surfed the internet normally while the attacker was collecting data from the session. The data collected may include passwords, banking account details, emails and the websites visited. This is known as a "Man in the Middle Attack."

How does this happen? The attacker sends poisoned ARP requests to the gateway router. The gateway router is now brainwashed into thinking that the route to any PC on the subnet must pass through the attacker's PC. On the other hand, all hosts on the subnet think that the attacker's PC/MAC is the actual gateway, so they send all their traffic and information to this computer. This is often referred to as Ink Dodging. However, the attacker's PC forwards all this data on to the real gateway, so the hosts notice nothing.

Therefore there is one attacker PC that sees all traffic on the network. If the attack is aimed at one single PC, the attacker can instead spoof only that victim's PC and affect nothing else on the network. The attacker's PC has to be really fast, as the gateway has large routing tables and many sessions are running in parallel. Most regular PCs cannot handle such a large inflow of data, and this causes the network to freeze or crash: the attacker's PC is not capable enough, and packets are dropped because it cannot keep up with the large volume of traffic.
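The two symptoms described above (the gateway IP suddenly answering from a new MAC, and one MAC answering for several IPs) are exactly what a defender can watch for in ARP traffic. The following is an added detection example, not code from the original post; the gateway address and the ARP reply records are constructed sample data, and a real deployment would feed it observations from a sniffer or switch ARP tables.

```python
"""Detect ARP cache poisoning from observed ARP replies (added example).

Each record is a constructed tuple (seconds, sender_ip, sender_mac) as it
would be seen in an ARP reply on the subnet. Poisoning shows up as the same
IP (especially the gateway) being claimed by more than one MAC, and as one
MAC claiming several IPs at once.
"""
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"  # assumed gateway address for this example

# Constructed observations: legitimate gateway at ...:ee:01, hosts .10/.20,
# then de:ad:be:ef:00:01 claims both the gateway and a host.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:bb:cc:dd:ee:01"),
    (0.5, "192.168.1.10", "aa:bb:cc:dd:ee:10"),
    (0.7, "192.168.1.20", "aa:bb:cc:dd:ee:20"),
    (3.1, "192.168.1.1", "de:ad:be:ef:00:01"),   # gateway impersonated
    (3.2, "192.168.1.10", "de:ad:be:ef:00:01"),  # host impersonated
    (3.3, "192.168.1.1", "de:ad:be:ef:00:01"),   # repeat: no new alert
]


def detect_arp_poisoning(replies, gateway_ip=GATEWAY_IP):
    """Return a list of alert strings for suspicious IP/MAC bindings."""
    ip_to_mac = {}                  # last MAC seen claiming each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed so far
    alerts = []
    for t, ip, mac in replies:
        mac = mac.lower()
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            kind = "GATEWAY" if ip == gateway_ip else "HOST"
            alerts.append(f"t={t:.1f} {kind} {ip} moved {prev} -> {mac}")
        ip_to_mac[ip] = mac
        # One MAC answering for several IPs is the man-in-the-middle pattern:
        # the attacker claims the gateway toward hosts and hosts toward the
        # gateway. Alert once, when the set of claimed IPs first grows past 1.
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        if before == 1 and len(mac_to_ips[mac]) == 2:
            alerts.append(f"t={t:.1f} {mac} claims multiple IPs: "
                          + ", ".join(sorted(mac_to_ips[mac])))
    return alerts


if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_ARP_REPLIES):
        print("ALERT", line)
```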
