ARP欺骗
 
The principle of ARP spoofing is to send fake, or "spoofed", ARP messages to an Ethernet LAN. Generally, the aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway). Any traffic meant for that IP address would be mistakenly sent to the attacker instead.
 
利用ARP欺骗成功毒化目标主机的ARP缓存之后,可以实施以下三种***行为:
 
The attacker could then choose to forward the traffic to the actual default gateway ( passive sniffing) or modify the data before forwarding it ( man-in-the-middle attack). The attacker could also launch a denial-of-service attack against a victim by associating a nonexistent MAC address to the IP address of the victim's default gateway.
 
即数据包嗅探,中间人***和拒绝服务***。
 
ARP欺骗的防范方法:
1. The only method of completely preventing ARP spoofing is the use of static, non-changing ARP entries
2. DHCP snooping can be configured on LAN switches to bolster the security on the LAN to only allow clients with specific IP/MAC addresses to have access to the network.
3. Monitor Gratuitous ARP, Gratuitous ARP could mean both gratuitous ARP request or gratuitous ARP reply.
 
第一种方法最有效,但是维护映射表的工作量太大,不适用于大型网络。
第二种方法需要交换机支持。
第三种方法最容易实现,很多IPS系统都采用这种方法,但是不能完全消除网络中的ARP欺骗。