ARP-spoofing

ARP-spoofing

The current version of the page has not yet been tested by experienced participants and may differ significantly from the version tested on April 12, 2012; checks require 17 edits.
ARP-spoofing is an attack technique on Ethernet networks that allows intercepting traffic between nodes. Based on the use of the ARP protocol.

When using remote search algorithms in a distributed computer network, it is possible to implement a typical distant object of a distributed computer system in such a network. An analysis of the security of the ARP protocol shows that by intercepting a broadcast ARP request on an attacking node within a given network segment, you can send a false ARP response, in which you declare yourself the desired node (for example, a router), and further actively monitor the network traffic of the disinformed node, acting on it according to the “false object RVS” scheme.

Tools for performing ARP spoofing:

Ettercap
Cain & Abel,
dsniff
arp-sk,
Arp builder
AyCarrumba.
Intercepter-ng
Tools and methods for detecting and preventing ARP spoofing:

programs arpwatch, BitCometAntiARP;
VLAN organization;
using PPTP - does not have adequate protection. OpenVPN PPPoE is considered the most reliable;
Encryption of traffic in the local network (IPSec).