Address Resolution Protocol and ARP Spoofing
in english ARP Spoofing in our language and ARP Poisoning or ARP Cache Spoofing Before we know what the attack is, which we translate as “What is ARP?” need to answer the question.
What is Address Resolution Protocol?
Address Resolution Protocol, in short, ARP is a type of internet protocol. It is a protocol that converts addresses at the network layer in a way that the data link layer (Layer 2) can understand. Address Resolution Protocol binds the ever-changing IP address to the physical machine address known as the MAC address in the local area network (LAN).
What is ARP Poisoning?
ARP poisoning is a type of attack where the attacker sends fake Address Resolution Protocol messages on the local area network. By associating his MAC address with the IP address of a different system, the attacker aims to attract the network traffic coming to this address. Thus, the attacker seizes the environment that can carry out the Man in the Middle attack.
How Does ARP Poisoning Affect the System?
Since the vulnerability triggers the emergence of man-in-the-middle attack, it is considered as an extremely important vulnerability. An attacker who wants to infiltrate the target system and obtain data can use the deception technique to monitor the inbound traffic between the victim and the machine that the victim wants to communicate with.
An attacker who enters between two machines can capture sensitive data by reading packets that go back and forth during communication.
How Can ARP Spoofing Be Detected?
ARP fraud is a type of attack that is often used during penetration testing. Besides penetration tests, it is also used by malicious people. A malicious person in your corporate network can get between two machines and listen to the traffic and cause extremely critical data to be leaked. General on a network where spoofing is suspected forensics And network forensics With these studies, it can be determined whether the man-in-the-middle attack has been carried out. During forensic studies, the server's IP address and DNS information are examined. Then, the validity status of the server's certificates can be analyzed and it can be examined whether a fraud originating from the Address Resolution Protocol has occurred.
How to Prevent ARP Poisoning?
There are some techniques that can be applied to prevent this attack, which is extremely troublesome and difficult to detect, before it occurs.
- A strong firewall should be used.
- Software that detects and prevents poisoning should be used.
- Encrypted network protocols should be preferred. A strong TLS algorithm should be used and web traffic should be forwarded over HTTPS.
- The Wireless Network password must contain complex characters and must be longer than 12 characters. Untrusted persons should never be included in the network.
- By filtering network packets ARP poisoning understandable whether it is done or not. Packets with conflicting source addresses should be blocked.