|
In computer networking, ARP spoofing, ARP cache poisoning, or ARP poison routing, is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead. ARP spoofing may allow an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, man in the middle, or session hijacking attacks. The attack can only be used on networks that use the Address Resolution Protocol, and is limited to local network segments. ==ARP vulnerabilities== The Address Resolution Protocol is a widely used communications protocol for resolving Internet layer addresses into link layer addresses.〔ARP was defined by (RFC 826 ) in 1982.〕 When an Internet Protocol (IP) datagram is sent from one host to another in a local area network, the destination IP address must be resolved to a MAC address for transmission via the data link layer.〔 When another host's IP address is known, and its MAC address is needed, a broadcast packet is sent out on the local network. This packet is known as an ''ARP request''. The destination machine with the IP in the ARP request then responds with an ''ARP reply'', which contains the MAC address for that IP.〔 ARP is a stateless protocol. Network hosts will automatically cache any ARP replies they receive, regardless of whether Network hosts requested them. Even ARP entries which have not yet expired will be overwritten when a new ARP reply packet is received. There is no method in the ARP protocol by which a host can authenticate the peer from which the packet originated. This behavior is the vulnerability which allows ARP spoofing to occur.〔〔 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「ARP spoofing」の詳細全文を読む スポンサード リンク
|