What is the MITM (Man in The Middle) Attack using ARP Poisoning?

MITM stands for a man-in-the-middle attack. It is a cyber-attack where an attacker transmits and probably alters the connection between two parties who consider they are communicating precisely. This enables the attacker to transmit communication, investigate, and even change what each party is saying.

In MITM, it can define a type of cyberattack where an intruder covertly taps transmissions connecting two entities to check or develop traffic therebetween. Malicious ones can use MitM attacks to seize passwords or multiple sensitive data, snoop on the prey, disrupt links, or distort content.

Types of MITM

The types of MITM are as follows −

Rogue Access Point

Devices supplied with wireless cards will generally try to auto-connect to the access point that is transmitting the powerful signal. Attackers can start their wireless access point and deceive nearby devices to join its area.

ARP Spoofing

ARP stands for Address Resolution Protocol. It can be used to resolve IP addresses to physical MAC (media access control) addresses in a local area network. When a host requires to speak to a host with a provided IP address, it remarks the ARP cache to intent the IP address to a MAC address. If the address is unidentified, a request is created asking for the MAC address of the device with the IP address.

An attacker wants to pose as multiple hosts could behave to requests it must not be acknowledging to with its own MAC address. With some accurately situated packets, an attacker can detect the private traffic among two hosts. Valuable data can be derived from the traffic, including the swap of session tokens, yielding complete access to software accounts that the attacker must not be adequate to access.

mDNS Spoofing

Multicast DNS is equal to DNS, but it’s completed on a local area network (LAN) using broadcasts such as ARP. This creates a proper target for spoofing attacks. The local name resolution system is apparent to produce the configuration of network devices simply.

Users don’t have to understand accurately which addresses their devices must be connecting with. They allow the system to decide it for them. There are various devices including TVs, printers, and entertainment systems created to use this protocol because they are frequently on trusted networks.

When an application requires understanding the address of a specific device, an attacker can simply acknowledge that request with the fake record, informing it to undertake an address it has control over. This happens because the devices keep a local cache of addresses and the victim will see the attacker’s device as dependable for a specific time.