Jump to content

How Many Computers Can One Arpspoof At One Time?


billyblaxsta
 Share

Recommended Posts

Is there a rough number of computers one can arpspoof by broadcasting your MAC as the router before the whole network collapses?

I realise this depends on the attackers computer so let's just say an average laptop - nothing special.

Any personal experiences of arpspoofing multiple computers would be appreciated.

Link to comment
Share on other sites

I've had up to 3 wireless devices running through me at one time, but this was my own network for testing and not a fat pipe of data going in or out. If you are on wireless and not close to the proximity of the router, I would think things will start to get funky with lost packets, or even time outs because of the location of devices, you aren't going to drown out the router if you have a weak signal and are a block from the AP. That said, there really isn't a limit so far as the bandwidth limitation and signal of your network interface and the traffic they are trying to run.

I would imagine if someone you arp spoof was doing bit torrent downloads it would eat up considerable resources to try and pull that data and throw it back via MITM. I've not tried spoofing a fat network pipe with wireless though, so you would have to run some tests to see at what point it just dies or if it all works fine, but my guess is it would fall over at some point if too many workstations tried routing through you and the bandwidth exceeded the time to live. Generally, MITM is kind of a 1 on 1 deal, to pull specifics from a target you have done reconnaissance on. Especially if you are tring to capture all of this simultaneously with wireshark or tcpdump, why add multiple threads of traffic which could expose you in the process. If you have a wired gigibit interface, then not so much as issue to run multiples of arp spoofs I would think, but again, not tried routing the backbone of a network through my wireless.

Link to comment
Share on other sites

It all comes down to how much bandwidth the network (as stated by Digip) has and how fast you machine is. If you have a slow machine, that will also be another limiting factor, since all the traffic is going through your machine, and its just not being able to handle all that traffic, so therefore it will become a bottleneck in the network, compromising performance and slowing everyone you are arpspoofing down.

Edited by Infiltrator
Link to comment
Share on other sites

My network-fu is not very strong, but I believe the max is the number of nodes on your network segment that you can reach via ARP. In school, I used to MitM the four other guys in the house with ettercap. When looking at the packets, you're basically telling the victims that the gateway's MAC address is your MAC address. It's been years since I've done any real network stuff, so someone speak up if I'm wrong.

Link to comment
Share on other sites

My network-fu is not very strong, but I believe the max is the number of nodes on your network segment that you can reach via ARP. In school, I used to MitM the four other guys in the house with ettercap. When looking at the packets, you're basically telling the victims that the gateway's MAC address is your MAC address. It's been years since I've done any real network stuff, so someone speak up if I'm wrong.

Well, I've not done any heavy lifting with say 100 workstations trying to route through me, but as you said, you're telling the router you are the victim and the victim you are the router, so ALL traffic send or received by the victim would route through you. Add to that, every node on the segment as you put it, and you could be bombarded with so much traffic, you would become the bottleneck and things would start failing. That is my theory, but not tested. Interestingly enough, Darren just did a HakTip episode/interview from Defcon, where a gentleman gave a demo of a tool that does MITM for basically all things wifi. Not sure what the limit is on throughput, but I imagine you would be slowing everyone else down severely if trying to sustain long term, multiple spoofs at the same time. Again, just my theory, but not actually tested, so can't say definitively.

Link to comment
Share on other sites

Well, I've not done any heavy lifting with say 100 workstations trying to route through me, but as you said, you're telling the router you are the victim and the victim you are the router, so ALL traffic send or received by the victim would route through you. Add to that, every node on the segment as you put it, and you could be bombarded with so much traffic, you would become the bottleneck and things would start failing. That is my theory, but not tested. Interestingly enough, Darren just did a HakTip episode/interview from Defcon, where a gentleman gave a demo of a tool that does MITM for basically all things wifi. Not sure what the limit is on throughput, but I imagine you would be slowing everyone else down severely if trying to sustain long term, multiple spoofs at the same time. Again, just my theory, but not actually tested, so can't say definitively.

You're right, there are limitations. My reply was just the pure numbers, like the friction-less lab in physics. IRL, tubes get full ;]

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...