ARP spoofing network cut-off attack (controlling network access on a LAN)

 

[Introduction]

            ARP attack: ARP (the Address Resolution Protocol) sits in the network layer of the TCP/IP protocol stack and is responsible for resolving an IP address to the corresponding MAC address.

             The ARP protocol has many loopholes and shortcomings, which pose great risks to computer networks. First, ARP requests are sent by broadcast, so any host on the same network segment can receive them. This gives an attacker an opportunity: by sending a large number of ARP request packets, the attacker can occupy the limited network resources of the local area network with useless broadcast traffic, resulting in network congestion. Second, the ARP protocol has no secure authentication mechanism. Hosts in the LAN trust each other, so whenever a host receives an ARP response packet it caches it in its ARP table, which makes ARP spoofing possible: an attacker can send a wrong mapping between IP address and MAC address.

[Attack classification]

1, ARP flood attack

The attacker sends a large number of ARP packets to the gateway so that the gateway cannot respond properly. The attacker first sends a large number of ARP request packets and then a large number of false ARP response packets. As a result, the gateway's CPU utilization rises and it has difficulty responding to normal service requests; the gateway's ARP table fills with incorrect entries and can no longer be updated and maintained normally; and network bandwidth is consumed.

2, ARP spoofing attack on hosts

ARP spoofing of hosts is also one of the common ARP attack types. The attacker makes the traffic that the attacked hosts in the LAN send to the gateway actually go to the attacker. The hosts refresh their own ARP cache tables so that the MAC recorded for the gateway is the attacker's MAC. The data streams that these users want to send through the gateway are then sent to the attacker's host, which leaks user data.

3, gateway spoofing attack

Gateway spoofing deceives the gateway, so that the data the gateway sends to other hosts goes to the attacker instead. The target of this attack is not an individually selected host but the LAN gateway, so the attacker obtains a steady stream of data belonging to other users within the LAN. This results in the disclosure of data and also raises the probability of users' computers being infected with viruses.

4, man-in-the-middle attack

A man-in-the-middle attack spoofs the hosts and the gateway within the local area network at the same time. Both the data sent by users and the data sent by the gateway go to the same attacker, so the data of both the users and the gateway is leaked.

5, IP address conflict attack

The attacker scans the physical hosts on the LAN to obtain their MAC addresses and then attacks those hosts so that IP address conflicts are generated within the LAN, which affects users' normal use of the network.

Demonstration

Lab environment:

  This experiment is carried out in virtual machines (the effect is no different from that on real hosts):

  •   One Win10 host (the host whose network is cut off)
  •   One Kali host (the virtual machine that cuts off the other host's network)

   Experimental requirement: the two hosts must be on the same local area network, otherwise the experiment cannot work.

 Commands:

  • fping -asg <network address>/<subnet mask> // used to view the hosts online on the network
  • arpspoof -i eth0 -t <target ip> <gateway ip> // ARP spoofing

  Example:

    fping -asg 192.168.1.0/24

    For the meaning of the above, refer to this article: https://blog.csdn.net/aerchi/article/details/39396423 

    arpspoof -i eth0 -t 192.168.100 192.168.1.1 // eth0 is the network card; check in Kali which network card is currently in use and write that one; in general, the wireless network is eth

Start of the experiment:

First step:

First check that both hosts can reach the public network (that is, that they can connect to the Internet properly).

Step two:

Obtain the IP address and gateway address of the Win10 host. In this experiment they are as follows:

  • IP address: 192.168.1.103
  • Gateway address: 192.168.1.1

The third step (can be skipped):

Objective: find out which hosts are currently online on the same LAN.

Combining this with the commands in the third section, enter here:

 

After the command is run, it lists the hosts currently online on the network. Here a total of five were found: the gateway, Kali, Win10, and the IP addresses of other computers in the LAN. (Here I ran into a problem: I turned on another computer connected to the LAN, address 192.168.103, but this command could not find it. At first only the host computer running the virtual machine was found; after searching a few more times, two were found. It depends on the network, and sometimes not all hosts are found.)

To stop the search: ctrl + c

The fourth step:

After finding the hosts that are online on the network, you can choose one as the target. Here win7 is the victim host, and the attack is as follows:

If the following appears during the test: could not arp for host XX, turn off the test computer's firewall, or switch the virtual machine to bridged mode.

(PS: I succeeded after turning off the firewall, but afterwards, with the firewall turned on, it could still succeed; I do not know the principle and have not studied it carefully.)

The fifth step (verification):

At this point, test win7's network again. Barring special circumstances, win7 can no longer connect to the Internet and shows the following status:

[Image: ARP_Broken_net_attack_4]

At this point, the experiment is over.

If you want Win10 to regain network access, simply terminate the command that was run in the fourth step; stop it with ctrl + z.

How to defend

Solution: simply add a fixed (static) IP-to-MAC binding to the ARP table on the gateway!
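
The same idea of a fixed binding can also be used to check a machine's ARP table for tampering. The following is an added example, not code from the original article: it compares a snapshot in `ip neigh show` format against pinned IP-to-MAC bindings and also flags one MAC that answers for several IPs. The IP addresses are the lab addresses from this page; all MAC addresses and the sample snapshot are constructed.

```python
import re
from collections import defaultdict

# Pinned IP -> MAC bindings (the static entries the text recommends).
# The IPs are the page's lab addresses; every MAC here is constructed.
STATIC_BINDINGS = {
    "192.168.1.1": "aa:bb:cc:00:00:01",    # gateway
    "192.168.1.103": "aa:bb:cc:00:01:03",  # Win10 host
}

# One line of `ip neigh show`: "<ip> dev <if> lladdr <mac> <STATE>"
NEIGH_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+"
    r"lladdr\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s+\S+"
)

def parse_neigh(text):
    """Return (ip, mac) pairs; entries without a MAC (FAILED) are skipped."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries

def audit(entries, bindings=STATIC_BINDINGS):
    """Flag pinned IPs whose MAC changed and MACs that claim several IPs."""
    findings = []
    by_mac = defaultdict(set)
    for ip, mac in entries:
        by_mac[mac].add(ip)
        if ip in bindings and bindings[ip].lower() != mac:
            findings.append(("binding-mismatch", ip, mac))
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac-claims-multiple-ips", ",".join(sorted(ips)), mac))
    return findings

# Constructed neighbour-table snapshot: the gateway entry has been overwritten.
SAMPLE_POISONED = """\
192.168.1.1 dev eth0 lladdr aa:bb:cc:00:00:66 REACHABLE
192.168.1.102 dev eth0 lladdr aa:bb:cc:00:00:66 STALE
192.168.1.103 dev eth0 lladdr AA:BB:CC:00:01:03 REACHABLE
192.168.1.105 dev eth0  FAILED
"""

if __name__ == "__main__":
    for finding in audit(parse_neigh(SAMPLE_POISONED)):
        print(finding)
```

On the constructed snapshot the gateway 192.168.1.1 no longer matches its pinned MAC, and the same MAC also answers for 192.168.1.102, which is the pattern a poisoned cache shows.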


Origin blog.csdn.net/qq_21449473/article/details/100990054