Jump to content

ARP Spoofing - how to more effectively poison the ARP cache?


Recommended Posts

Let's imagine a hypothetical scenario.

Bob is sitting in a cafe arpspoofing and sslstripping. He has checked his configuration and logs and everything works properly. The cafe is using a standard home router (192.x.x.x) to provide its customers with internet access.

In his logfile he sees various POST and SECURE POST entries which sometimes have username / password combinations.

However, he is perplexed. This is because he knows that there are plenty of people around him logging into webmail (and thus generating POST or SECURE POST requests) yet his logfile does not show these enteries.

This is, presumably, because at the exact moment that the target entered the POST request, the target's ARP cache was showing the real router's IP address rather than the attacker's IP address pretending to be the router.

Two questions:

First, is it possible to be too near to another computer and hence somehow their ARP cache will not be updated with the attacker's IP? Or does the success or failure of arpspoofing in no way depend on th attacker's distance from the target?

Second, is there a way to speed up the ARP poisoning? If success or failure is dependent on whether or not the attacker's IP is in the target's ARP cache, then I would have thought (perhaps incorrectly) that sending more frequent ARP packets would be the solution. I know, from Wireshark logs, that arpspoof sends out ARP requests every 2 seconds. Why can't it (or any other similar tool) send out packets every 0.5 seconds (for example)?

Opinions? Thanks.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...