ARP poisoning, GX cookie grabbing, hack gmail within a LAN, WLAN

…I could have skipped this topic and gone straight to its application, hacking Gmail within a LAN or wireless LAN, but that would be like preaching nonsense hacking. Before starting, I want you to get familiar with IP (Internet Protocol) addresses, MAC (Media Access Control) addresses and the NIC (Network Interface Card); explaining all of them here would take too much time. So, here we go…

ARP

Address Resolution Protocol. A network uses this protocol to pair an IP address with the MAC address of the machine that owns it. Sounds confusing?

Okay, let us go back to our first day in school. At the beginning of class, the teacher called names from a list, expecting you to reply when she called yours. She did this to associate your name with your face. Every kid heard every name, but answered only to his or her own name. ARP uses a similar technique to associate an IP address with a MAC address. It is like a network roll call.

Assume two systems, A and B, on a LAN. Let’s assign A the IP address 192.168.39.101, and suppose its NIC has the MAC address 00:A0:24:30:2E:13. Now suppose A needs to send a file to B. A first obtains B’s IP address. Upon seeing that the IP address is local (on the same subnet), A knows it can deliver the file directly if it learns the “real” (MAC) address associated with that IP address. To learn the MAC address, A does what your teacher did on the first day of school: it calls out to the entire local network, asking that the computer with the IP address in question reply “Here!” with its MAC address.

Let’s say that B has the IP address 192.168.39.148. To find B’s MAC address, A sends the following (simplified) ARP request:

From: 00:A0:24:30:2E:13 (A’s MAC address)
To: FF:FF:FF:FF:FF:FF (broadcast address)
Packet content: Who has 192.168.39.148? Tell 192.168.39.101

Notice the special address in the “To” field above. That special address (all Fs) is the MAC broadcast address. Anything sent to that address goes to every computer on A’s LAN segment. All those computers receive the message but ignore it, because it doesn’t pertain to them, with the exception of B. Because B is 192.168.39.148, it replies with its MAC address, like this:

From: 00:A0:24:30:4C:23 (B’s MAC address)
To: 00:A0:24:30:2E:13 (A’s MAC address)
Packet content: I have 192.168.39.148

Now A has “resolved” the IP address 192.168.39.148 to its MAC address, 00:A0:24:30:4C:23. A can send frames directly to the piece of hardware that accepts network traffic on behalf of B (B’s NIC). Bonus: B also remembers A’s IP address and MAC address, because they were part of A’s initial ARP request.

This entire process I’ve just described is what geeks mean when they say “it’s ARPing for a MAC address.”
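The request and reply above, as bytes on the wire. This is an added example written for this post, not code from the original article or from watchguard.com; it uses the post’s own addresses for A and B and builds the 42-byte Ethernet/ARP frames with the standard layout from RFC 826 (14-byte Ethernet header, then hardware type, protocol type, address lengths, opcode, sender MAC/IP, target MAC/IP). The summary() strings follow the rendering that packet analysers such as Wireshark print for these two packets.

```python
import struct
from dataclasses import dataclass

# Constants from the Ethernet/ARP specifications (RFC 826).
ETH_P_ARP = 0x0806          # EtherType for ARP
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
ARP_REQUEST = 1
ARP_REPLY = 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"

# Addresses from the post: A asks, B answers.
A_IP, A_MAC = "192.168.39.101", "00:a0:24:30:2e:13"
B_IP, B_MAC = "192.168.39.148", "00:a0:24:30:4c:23"


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


@dataclass
class ArpPacket:
    op: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    def frame(self) -> bytes:
        """Serialise to a 42-byte Ethernet frame (14-byte header + 28-byte ARP body)."""
        # A request goes to every NIC on the segment; a reply goes straight to the asker.
        eth_dst = BROADCAST_MAC if self.op == ARP_REQUEST else self.target_mac
        eth = mac_to_bytes(eth_dst) + mac_to_bytes(self.sender_mac) + struct.pack("!H", ETH_P_ARP)
        arp = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, self.op)
        arp += mac_to_bytes(self.sender_mac) + ip_to_bytes(self.sender_ip)
        arp += mac_to_bytes(self.target_mac) + ip_to_bytes(self.target_ip)
        return eth + arp

    def summary(self) -> str:
        """One-line rendering in the style of a packet analyser."""
        if self.op == ARP_REQUEST:
            return f"Who has {self.target_ip}? Tell {self.sender_ip}"
        return f"{self.sender_ip} is at {self.sender_mac}"


def parse_arp(frame: bytes) -> ArpPacket:
    """Decode an Ethernet/ARP frame, rejecting anything that is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not an ARP frame (EtherType 0x{ethertype:04x})")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported hardware/protocol type or address lengths")
    if op not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError(f"unknown ARP opcode {op}")
    return ArpPacket(
        op=op,
        sender_mac=bytes_to_mac(frame[22:28]),
        sender_ip=bytes_to_ip(frame[28:32]),
        target_mac=bytes_to_mac(frame[32:38]),
        target_ip=bytes_to_ip(frame[38:42]),
    )


def request_from_a() -> ArpPacket:
    # The target MAC is what A wants to learn, so the ARP body carries zeros there;
    # the Ethernet destination is the broadcast address.
    return ArpPacket(ARP_REQUEST, A_MAC, A_IP, ZERO_MAC, B_IP)


def reply_from_b(req: ArpPacket) -> ArpPacket:
    # B answers only a request that asks for B's own IP address.
    if req.op != ARP_REQUEST or req.target_ip != B_IP:
        raise ValueError("request is not for B")
    return ArpPacket(ARP_REPLY, B_MAC, B_IP, req.sender_mac, req.sender_ip)


if __name__ == "__main__":
    req = request_from_a()
    rep = reply_from_b(parse_arp(req.frame()))
    print(req.frame().hex(), "->", req.summary())
    print(rep.frame().hex(), "->", rep.summary())
```

Note where the two “To” addresses live: the broadcast address is in the Ethernet header, while the ARP body of the request carries an all-zero target MAC. The reply is unicast straight back to A’s MAC, which is why only A sees it; that is also why B can cache A’s mapping from the request without any extra exchange.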

ARP Poisoning

One form of attack involves feeding bad data to ARP tables, a practice known as ARP poisoning. The designers of ARP kept the protocol simple so that it would function efficiently. Unfortunately, this simplicity also leads to major insecurity.

When a networked device sends an ARP request, it simply trusts that when the ARP reply comes in, it really does come from the correct device. ARP provides no way to verify that the responding device is really who it says it is. In fact, many operating systems implement ARP so trustingly that devices that have not made an ARP request still accept ARP replies from other devices.

Now you probably understand why this common technique is called ARP Cache Poisoning (or just ARP Poisoning): the attacker lies to a device on your network, corrupting or “poisoning” its understanding of where other devices are. This frighteningly simple procedure lets the attacker cause a variety of networking woes, above all man-in-the-middle attacks (the basis of the cookie grabbing promised in the title) and denial of service. MAC flooding, which is often mentioned alongside it, is a related but distinct attack: it overflows a switch’s address table rather than poisoning hosts’ ARP caches.

Only local attackers can exploit ARP’s insecurities. A hacker would need either physical access to your network, or control of a machine on your local network, in order to deliver an ARP Cache Poisoning attack. ARP’s insecurities can’t be exploited remotely.
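The trust problem described above, played out against a model of a host’s ARP cache, with a passive check of the kind a defender would run. This is an added example for this post, not code from the original article or from watchguard.com. The victim is A from the post; the gateway and attacker addresses are constructed for the scenario. The “trusting” policy models the behaviour the post describes (any reply is believed, even one nobody asked for); the “strict” policy only accepts replies that answer an outstanding request and never overwrites a pinned entry. The watcher works like arpwatch: it records the first MAC seen for each IP and alerts when a later reply claims a different one.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """The fields of an ARP reply that matter to the receiver's cache."""
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str


class ArpCache:
    """IP -> MAC table of one host, with a switchable acceptance policy."""

    def __init__(self, own_ip: str, own_mac: str, trusting: bool = True):
        self.own_ip, self.own_mac, self.trusting = own_ip, own_mac, trusting
        self.table: dict[str, str] = {}
        self.pending: set[str] = set()      # IPs we have sent a request for
        self.static: dict[str, str] = {}    # operator-pinned mappings

    def pin(self, ip: str, mac: str) -> None:
        self.static[ip] = mac
        self.table[ip] = mac

    def send_request(self, ip: str) -> None:
        self.pending.add(ip)

    def receive(self, reply: ArpReply) -> bool:
        """Process a reply; return True if the cache was updated."""
        if reply.sender_ip in self.static:
            return False                   # pinned entries win regardless of policy
        if not self.trusting and reply.sender_ip not in self.pending:
            return False                   # unsolicited reply: ignore it
        self.table[reply.sender_ip] = reply.sender_mac
        self.pending.discard(reply.sender_ip)
        return True


@dataclass
class Alert:
    ip: str
    old_mac: str
    new_mac: str


class ArpWatcher:
    """Passive monitor: remember the first MAC seen per IP, alert when it changes."""

    def __init__(self):
        self.seen: dict[str, str] = {}
        self.alerts: list[Alert] = []

    def observe(self, reply: ArpReply) -> None:
        known = self.seen.get(reply.sender_ip)
        if known is None:
            self.seen[reply.sender_ip] = reply.sender_mac
        elif known != reply.sender_mac:
            self.alerts.append(Alert(reply.sender_ip, known, reply.sender_mac))


# Victim A from the post; gateway and attacker addresses are constructed for this example.
VICTIM_IP, VICTIM_MAC = "192.168.39.101", "00:a0:24:30:2e:13"
GATEWAY_IP, GATEWAY_MAC = "192.168.39.1", "00:a0:24:30:00:01"       # assumed
ATTACKER_IP, ATTACKER_MAC = "192.168.39.200", "00:a0:24:30:de:ad"   # assumed


def run_scenario(trusting: bool) -> tuple[ArpCache, ArpWatcher]:
    victim = ArpCache(VICTIM_IP, VICTIM_MAC, trusting=trusting)
    watcher = ArpWatcher()

    # 1. Legitimate exchange: the victim asks for the gateway, the gateway answers.
    victim.send_request(GATEWAY_IP)
    genuine = ArpReply(GATEWAY_IP, GATEWAY_MAC, VICTIM_IP, VICTIM_MAC)
    victim.receive(genuine)
    watcher.observe(genuine)

    # 2. Poisoning: the attacker sends an unsolicited reply claiming the gateway's IP.
    spoofed = ArpReply(GATEWAY_IP, ATTACKER_MAC, VICTIM_IP, VICTIM_MAC)
    victim.receive(spoofed)
    watcher.observe(spoofed)
    return victim, watcher


if __name__ == "__main__":
    for policy in (True, False):
        cache, watcher = run_scenario(trusting=policy)
        print(f"trusting={policy}: gateway now maps to {cache.table[GATEWAY_IP]}; "
              f"alerts={[(a.ip, a.old_mac, a.new_mac) for a in watcher.alerts]}")
```

With the trusting policy the victim’s entry for the gateway flips to the attacker’s MAC after a single unsolicited reply, and the victim’s traffic for the gateway now goes to the attacker’s NIC. The strict policy survives this particular trick, but it is not a cure: an attacker who sees the victim’s real request can race the gateway with a forged answer, which is why the watcher’s alert on a changed mapping, or pinning the gateway with a static entry, is what actually catches or blocks the attack.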

Rest in the next post!

reference and source: watchguard.com
