Abstract :
The Address Resolution Protocol (ARP) is a core communication protocol used for LANs. RFC 826 defined it in 19821 but paid little attention to security. Although we´ve been aware of potential attacks against ARP for more than 10 years, we´ve only recently started observing them in the real world, especially from various Chinese hacking groups. Here, I explain ARP attack fundamentals and analyze recent attacks that used ARP poisoning against Web hosting companies to let attackers insert malicious code into virtually thousands of Web sites.
Keywords :
Java; Web sites; computer crime; local area networks; protocols; ARP poisoning attacks; LAN; Web hosting; Web sites; address resolution protocol; malicious JavaScript insertion; real-time network traffic modification; security; Access protocols; Ethernet networks; Internet; Java; Local area networks; Media Access Protocol; Security; Storage area networks; Storms; TCPIP; ARP; Address Resolution Protocol; arp poisoning; attack trends; malicious javascript insertion; network; security; security & privacy;
