
Ethical Hacking - NETWORK PENETRATION TESTING(14)

Time: 2019-11-27 23:19:01


MITM - ARP Poisoning Theory

Man In The Middle Attacks - ARP Poisoning

This is one of the most dangerous and effective attacks that can be used. It redirects packets to and from any client to our device, and since we have the network key, we can read/modify/drop these packets. This allows us to launch very powerful attacks.

It is very effective and dangerous because it's very hard to protect against, as it exploits the insecure way that ARP works.

ARP main security issues:

1. Each ARP request/response is trusted.

2. Clients can accept responses even if they did not send a request.

 

>>ARP Poisoning

We can exploit these two issues to redirect the flow of packets in the network.

We will first send an ARP response to the client telling it that "I am the Router". This is done by telling the client that the device with the router IP address has MY MAC address.

Then we will send an ARP response to the router, this time telling it that "I am the client". This is done by telling the router that the device with the client IP address has MY MAC address.

This means that the router thinks that I am the client, and the client thinks that I am the router. So my device is in the middle of the connection between the client and the router, i.e. every packet that is going to/from the client will have to go through my device first.
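
From the defender's side, the two ARP weaknesses listed above are also what a monitor can check for. The following is an added example, not part of the original post: it parses ARP payloads and flags replies nobody asked for, IP-to-MAC bindings that change, and one MAC claiming several IPs. All addresses and the sample trace are constructed, and the monitor is assumed to see every ARP frame on the segment.

```python
import struct
from collections import defaultdict

def arp(op, sha, spa, tha, tpa):
    """Pack a 28-byte Ethernet/IPv4 ARP payload; used only to build the sample trace."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(p) for p in a.split("."))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       mac(sha), ip(spa), mac(tha), ip(tpa))

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_ip) from an ARP payload."""
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return op, sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa))

def detect(payloads):
    """Flag the anomalies that the two ARP trust issues make possible."""
    bindings, pending, alerts = {}, set(), []
    for raw in payloads:
        op, mac, ip, target_ip = parse_arp(raw)
        if op == 1:    # request: ip asks who-has target_ip
            pending.add((ip, target_ip))
        elif op == 2:  # reply: "ip is-at mac", addressed to target_ip
            if (target_ip, ip) not in pending:
                alerts.append(("unsolicited-reply", ip, mac))
            pending.discard((target_ip, ip))
        if bindings.get(ip, mac) != mac:  # same IP, different MAC than before
            alerts.append(("binding-changed", ip, mac))
        bindings[ip] = mac
    owners = defaultdict(set)
    for ip, mac in bindings.items():
        owners[mac].add(ip)
    for mac, ips in owners.items():
        if len(ips) > 1:
            alerts.append(("mac-claims-multiple-ips", mac, sorted(ips)))
    return alerts

# Constructed sample trace: router, client and a third device on one segment.
R_MAC, R_IP = "aa:aa:aa:aa:aa:01", "192.168.1.1"
C_MAC, C_IP = "aa:aa:aa:aa:aa:10", "192.168.1.10"
X_MAC, ZERO = "aa:aa:aa:aa:aa:66", "00:00:00:00:00:00"
SAMPLE = [arp(1, C_MAC, C_IP, ZERO, R_IP),   # client asks for the router
          arp(2, R_MAC, R_IP, C_MAC, C_IP),  # router answers (solicited)
          arp(2, X_MAC, R_IP, C_MAC, C_IP),  # unrequested: router IP at X_MAC
          arp(2, X_MAC, C_IP, R_MAC, R_IP)]  # unrequested: client IP at X_MAC
if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```

Gratuitous ARP, DHCP reassignment and multi-homed or proxy-ARP hosts can raise the same alerts legitimately, so treat them as leads to check against known address assignments.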


Original article: https://www.cnblogs.com/keepmoving1113/p/11946186.html
