subject: How To Dodge Arp Poisoning?


A successful ARP poisoning attack is invisible to the user. Because the end user is unaware of the ARP poisoning, he will browse the internet normally while the attacker collects data from the session. The data collected may be passwords, banking accounts, emails and websites. This is known as a man-in-the-middle attack.

How does this happen? The attacker sends a poisoned ARP request to the gateway router. The gateway router is now brainwashed into thinking that the route to any PC on the subnet needs to pass through the attacker's PC. On the other hand, all hosts on the subnet think that the attacker's PC/MAC is the actual gateway, and they send all traffic and information to this computer. The attacker's PC, however, forwards all this data to the gateway.

Therefore there is one attacker PC that sees all traffic on the network. If the attack is aimed at one single PC, the attacker can spoof just this victim's PC to his own and affect only that PC on the network. The attacker's PC has to be really fast, as the gateway has large routing tables and many sessions are running in parallel. Most regular PCs cannot handle a large inflow of data, and this causes the network to freeze or crash. This happens because the attacker's PC is not capable enough, and packets are dropped as the PC is unable to keep up with the flow of large volumes of data.

Most people assume that using a PC from the safe corner of their home is the best option. Here is some news for them: unless you have a firewall installed on the internet connection, there is always a danger of spoofing of outbound data from your home PC. If you are using wireless, it is important to encrypt it; otherwise you would be drawing undue attention from attackers. To prevent a hacker from spoofing the gateway, there are various utilities that can be employed to monitor the ARP cache of a machine to see whether there is any duplication for a machine.

However, the best way to secure a network against sniffing is encryption. You may not be able to stop attackers from sniffing, but the data that they receive would be made uninterpretable. Also, on a switched network, the chances are that ARP spoofing would be used for sniffing purposes. To prevent the hacker from spoofing the default gateway, you must add the gateway's MAC address as a permanent entry and clear the ARP cache. Other suggestions, besides clearing the ARP cache, include using SSH instead of Telnet and making use of HTTPS instead of HTTP. For those concerned about email privacy, there is www.Hushmail.com, which allows encryption of email data during transit. There is also www.gnupg.org, which encrypts email and other information so that sniffers cannot read them.
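The ARP cache monitoring and the permanent gateway MAC described above can be checked with a short script. This is an added example, not part of the original article; it assumes the Linux /proc/net/arp table layout, and the sample table, addresses and pinned gateway MAC are constructed for illustration.

```python
"""Flag ARP cache anomalies: one MAC claimed by several IPs, or a gateway
entry that differs from a pinned MAC. Input layout: Linux /proc/net/arp."""
from collections import defaultdict

# Constructed sample (made-up addresses): the gateway 192.168.1.1 now
# resolves to the same MAC as host 192.168.1.37, as after a poisoning.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:bb:cc     *        eth0
192.168.1.20     0x1         0x2         02:00:00:11:22:33     *        eth0
192.168.1.37     0x1         0x2         02:00:00:aa:bb:cc     *        eth0
192.168.1.50     0x1         0x0         00:00:00:00:00:00     *        eth0
"""
PINNED_GATEWAY_MAC = "02:00:00:00:00:01"  # constructed; record the real one out of band

def parse_arp_table(text):
    """Return {ip: mac} for complete entries; skip the header and unresolved rows."""
    entries = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2 and mac != "00:00:00:00:00:00":  # 0x2 = entry complete
            entries[ip] = mac
    return entries

def find_duplicates(entries):
    """Return {mac: [ips]} for every MAC that answers for more than one IP.
    Multi-homed hosts and proxy ARP also produce these, so review each hit."""
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def check_gateway(entries, gateway_ip, pinned_mac):
    """Return None when the gateway entry matches the pinned MAC, else a warning."""
    seen = entries.get(gateway_ip)
    if seen is None:
        return f"{gateway_ip}: no complete ARP entry"
    if seen != pinned_mac.lower():
        return f"{gateway_ip}: cache has {seen}, expected {pinned_mac.lower()}"
    return None

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)  # on a live host: open("/proc/net/arp").read()
    for mac, ips in find_duplicates(table).items():
        print(f"duplicate MAC {mac} claimed by {', '.join(ips)}")
    print(check_gateway(table, "192.168.1.1", PINNED_GATEWAY_MAC) or "gateway OK")
```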

by: Tauqeer Hassan



