0

I'm trying to run ARP spoofing on a network. I've been working on this for about a week, and all the information I find is dated 2000-2001.

My issue is, after testing a script that uses arpspoof on one network (worked fine, more or less), on another network, it doesn't seem to work at all. There doesn't seem to be any redirection.

My question is, since I can't find any new information on this, I'm beginning to think that ARP is old, outdated technology, that was abandoned due to its vulnerabilities. I'd like for someone to tell me I'm wrong.

Otherwise, is it possible that the network is using some protection from ARP spoofing? If so, how does it work, and are there workarounds?

Thank you very much for your time!

smaslennikov
  • 1
    ARP is in use in 99% of networks today and has been unchanged for years. Switches are able to protect from ARP poisoning in some cases, but not all, depending on the setup. It's very common for large public networks to have some protection from this attack. – Silverfire Oct 18 '11 at 01:01
  • 3
    It's worth noting that IPv6 does not have ARP; it has neighbour discovery, which performs the same purpose. – Mark Henderson Oct 18 '11 at 01:05

2 Answers

2

ARP is still very much in use in IPv4 networks, but it is definitely possible for switches to lock a given IP to a specific MAC address (ARP resolves IP addresses to their MACs) which would prevent this from working.

How it's being done depends on how it was configured, but the only way to work around it is likely to contact whoever runs the network and explain what you are trying to do and see if they will allow it.

Sean Reifschneider
  • Is that a popular way of protecting a network from ARP spoofing? – smaslennikov Oct 19 '11 at 03:15
  • 1
    I don't honestly know about the popularity of different techniques. I personally put each customer into their own VLAN so gratuitous ARPs can only impact their own services. I suspect that that old saw is true about this as well: If you ask 10 network engineers what is a popular way of protecting networks from ARP attacks, you'll probably get a dozen answers. :-) – Sean Reifschneider Oct 21 '11 at 05:55
1

ARP spoofing is a vulnerability known by switch vendors for quite some time. Long enough for countermeasures to start being put into place. Sometimes these have to be turned off when things like virtual IP addresses are used by (some) clusters; these networks have a legitimate reason for two devices to ARP the same address.

sysadmin1138
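
A simplified model of the IP-to-MAC binding check both answers describe, including the virtual-IP case where two devices legitimately claim one address. This is an added example, not code from any poster or switch vendor; the binding table, the documentation-range addresses and the function names are constructed for illustration.

```python
import socket
import struct

# Constructed binding table (IP -> set of permitted MACs). The second entry
# models a cluster virtual IP that two nodes may legitimately answer for.
BINDINGS = {
    "192.0.2.1": {"00:00:5e:00:53:01"},
    "192.0.2.50": {"00:00:5e:00:53:0a", "00:00:5e:00:53:0b"},
}

def parse_arp(payload: bytes):
    """Parse an Ethernet/IPv4 ARP payload (RFC 826) into (op, sender_mac, sender_ip)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa = payload[8:14], payload[14:18]
    return op, ":".join(f"{b:02x}" for b in sha), socket.inet_ntoa(spa)

def inspect(payload: bytes, bindings=BINDINGS) -> str:
    """Return 'permit' or 'drop' for one ARP payload based on the binding table."""
    try:
        _op, mac, ip = parse_arp(payload)
    except ValueError:
        return "drop"  # malformed ARP is never forwarded
    allowed = bindings.get(ip)
    # Only addresses with a recorded binding may be claimed, and only by a listed MAC.
    if allowed is None or mac not in allowed:
        return "drop"
    return "permit"

def sample_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build a constructed ARP payload used only as test input for inspect()."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + raw(sender_mac) + socket.inet_aton(sender_ip)
            + raw(target_mac) + socket.inet_aton(target_ip))

if __name__ == "__main__":
    host = ("00:00:5e:00:53:20", "192.0.2.20")
    for mac in ("00:00:5e:00:53:01", "00:00:5e:00:53:99"):
        print(mac, inspect(sample_arp(2, mac, "192.0.2.1", *host)))
```

Without the second MAC in the `192.0.2.50` entry, the standby cluster node's replies would be dropped, which is the situation where the second answer says such protections sometimes get turned off.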