ARP spoofing
Suppose hosts A and C are communicating. B sends a forged ARP response to A in which the sender IP address is C's IP address and the sender MAC address is B's. When A receives the forged response, it updates its local ARP cache, and from then on B impersonates C to A. At the same time, B sends an ARP response to C in which the sender IP address is A's IP address and the MAC address is B's. When C receives the forged response, it also updates its local ARP cache, and B now impersonates A to C. In this way both hosts A and C are deceived by host B, and the data exchanged between A and C passes through B, so host B can see what they are communicating.
Detection:
1. Frequent network drops
2. The network speed suddenly slows down
3. The gateway MAC address shown by the arp -a command differs from the gateway's real MAC address
4. Sniffing software shows a large number of ARP response packets in the LAN
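Detection item 3 can be checked automatically. The script below is an added example, not part of the original page: it parses arp -a output, compares the gateway entry with a MAC address recorded in advance, and flags any MAC that answers for more than one IP address, which is what a victim's cache shows while B is impersonating another host. The sample table, GATEWAY_IP and GATEWAY_MAC are constructed values used only for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Linux `arp -a` output (not captured from a real network).
SAMPLE_ARP_A = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.30) at 66:77:88:99:aa:bb [ether] on eth0
"""

# Assumed values, recorded out of band while the network was known to be clean.
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "aa:bb:cc:dd:ee:ff"

# Matches the Linux form "(ip) at mac" and the Windows form "ip   mac   dynamic".
ENTRY = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})",
    re.I,
)

def parse_arp_table(text):
    """Return {ip: mac} with MACs normalised to lower case and ':' separators."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            table[m.group(1)] = m.group(2).lower().replace("-", ":")
    return table

def find_anomalies(table, gateway_ip, gateway_mac):
    """Flag a gateway MAC mismatch and any unicast MAC that answers for several IPs."""
    findings = []
    seen = table.get(gateway_ip)
    if seen is not None and seen != gateway_mac.lower():
        findings.append(("gateway-mismatch", gateway_ip, seen))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if int(mac[:2], 16) & 1:  # skip multicast and broadcast MACs
            continue
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared-mac", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_A)
    for kind, where, mac in find_anomalies(table, GATEWAY_IP, GATEWAY_MAC):
        print(f"{kind}: {where} -> {mac}")
```

A shared MAC also occurs legitimately with proxy ARP or a host that holds several addresses, so treat that finding as something to verify rather than as proof of spoofing.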
Defense:
1. Bind the MAC address
2. Use a static ARP cache table
3. Use an ARP server, which looks up its ARP translation table to respond to ARP broadcasts from other machines
4. Use ARP spoofing protection software