Use ARP attack to disconnect the network

Enterprise 2023-05-17 05:01:07 views: null

When carrying out ARP attacks, legal regulations must be followed, and experiments and drills can only be carried out under legal authorization.

Preliminary knowledge

An ARP attack refers to an attack behavior in which attackers use the flaws of the ARP protocol to deceive hosts in the network, thereby achieving the purpose of stealing information and hijacking network traffic.

The ARP protocol is responsible for converting the IP address of the network layer into the MAC address of the link layer, so that the data packets can be transmitted correctly in the LAN. The attacker takes advantage of the defect of the ARP protocol to send a forged ARP response packet to the host in the LAN, deceiving the host to mistake the MAC address of the attacker as the MAC address of the target host, so that the attacker can intercept, tamper, and forge the communication between hosts. communication data, or conduct other attacks such as man-in-the-middle attacks and DNS spoofing.

Specifically, the implementation process of ARP attack is as follows:

1. The attacker sends an ARP request broadcast, masquerading as the IP address of the target host to request the corresponding MAC address;

2. All hosts in the LAN will receive the ARP request, but only the target host will reply with an ARP response packet, telling the attacker its own MAC address;

3. After receiving the ARP response packet from the target host, the attacker knows the real MAC address of the target host;

4. The attacker sends a forged ARP response packet, disguises his own MAC address as the MAC address of the target host, and broadcasts it to other hosts in the LAN;

5. After other hosts in the LAN receive the forged ARP response packet, they mistake the MAC address of the attacker as the MAC address of the target host, thus allowing the attacker to intercept, tamper with, forge communication data between hosts, or conduct other aggressive behavior.

In short, ARP attacks exploit the flaws of the ARP protocol to deceive hosts in the network, thereby achieving the purpose of stealing information and hijacking network traffic.

lab environment

1.Kali-Linux-2019(VMware)

2. Other networked devices under the same network as Kali

experimental tool

Ettercap, arpspoof, etc. (arpspoof is used in this article)

Experimental procedure

1. First adjust the virtual machine Kali to bridge mode

 Check virtual NIC configuration

 

(Just share a network card with the computer)

2. Check the IP address and gateway of the network where you are (you can use a computer or a mobile phone). I use a wireless network, so look at the WLAN

Take a look at the network card of the Kali system, which will be used later

 

 3. Open the Kali operating system, open nmap and start scanning the surviving hosts in the LAN

fping -g any address/mask within the network

List all surviving hosts on this network segment

 4. Find a victim (my own phone) and start an ARP attack 

 Enter the command to disconnect the network

arpspoof -i network card name -t target host ip to attack gateway of target host

 

 

You're done, press ctrl+Z to stop the attack.

Welcome to add corrections in the comment area~

Guess you like

Origin blog.csdn.net/weixin_62757215/article/details/130252665
Recommended
Ranking
A quick primer on numpy basics
Two sister tease python project
Java | Multiple keywords in the replacement content are returned to the front end in red style
C ++: references
The string leetcood 1018 is a binary prefix divisible by 5
Flutter 布局组件
Java combat spingboot-redis
PMP pre-exam sprint and wrong questions sorting
ActiveMq C# Message Features: Delayed and Timed Message Delivery
DSP28377S_ copy a program from the RAM to FLASH portion DETAILS
Daily
More
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)

Code World

© 2018 codetd.com