Table of Contents

I. Environment

two, arp deception principle

Three, arp spoofing operation

Fourth, the harm of arp deception

5. Defense of arp deception

I. Environment

kali under VMware (attack machine), Windows 7 x64 (target machine)

Kali download link:

https://blog.csdn.net/Stupid__Angel/article/details/125939197

Windows 7 x64 image download link:

Link: https://pan.baidu.com/s/1dvZgIOi1zWBzqXM-EJgZ7A?pwd=abcd
Extraction code: abcd
--Sharing from Baidu Netdisk Super Member V1

Second, the principle of arp deception

What ARP: Address Resolution Protocol

Function: Obtain MAC address according to IP address resolution

Why do you need a MAC address:

1. The MAC address is the address of the link layer encapsulation during encapsulation

2. The switch (layer 2) distributes data packets through the MAC address

Reference knowledge: data encapsulation, data separation

ARP protocol implementation features:

1. Features of ARP protocol: stateless, can reply without request

2. ARP implementation: ARP cache, dynamic instant refresh

Three, arp cheating operation

1. Enter ipconfig /all in the cmd of Windows 7 x64 to view its gateway and IP

2. Enter arp -a again to view the comparison table between ip and mac

3. Open kali, enter sudo su to enter the root user, enter ifconfig to view your ip

4. Enter arp-scan 192.168.230.1-192.168.230.254 to check whether it is under the same network segment as the target machine

5. Enter arpspoof -i eth0 -t 192.168.230.24 192.168.230.2 to indicate that the target machine is disguised as its gateway:

(Initiate attack network port eth0, attack target: 192.168.230.24, attack target gateway: 192.168.190.2 (virtual machine gateway))

6. Check whether the arp of the target machine (Windows 7 x64) has changed. It can be seen from the figure that the mac address of the gateway has changed to the mac address of kali:

7, echo 1 > /proc/sys/net/ipv4/ip_forward (it is to change ip forwarding, 1 is to enable the target function to connect to the external network)

four, the harm of arp deception

1. Harm of ARP spoofing - man-in-the-middle attack

2. Harm of ARP spoofing - terminal disconnection

Principle: Sending false ARP replies confuses the ARP cache of computer terminals in the network, making it impossible to communicate with other computers

Implementation method (tool): arpspoof

Five, arp deception defense

1. Use static ARP cache

2. Use Layer 3 Switching Equipment

3. IP and MAC address binding

4. ARP defense tools