Hi,
So I know generally how ARP spoofing works, but I'm not sure about one thing. Let's say we have 3 computers:
Computer A: 1 network interface with ip: 1.1.1.1
Computer B: 2 networks interfaces with ip: 1.1.1.2 (B1 interface) and 2.2.2.2 (B2 interface)
and Computer C: 1 network interface with ip 2.2.2.1
A is connected to B1, and C is connected to B2.
B wants to talk to A, so it sends an ARP packet with B1 to get A's MAC address.
Lets assume C is quicker then A and knows when B sends this packet (edit: I know naturally it wouldn't know this, that is why added this as an assumption, lets say for example, B sends this packet at exactly 5 o'clock, every day, and C knows it.).
So before A sends his answer to B, C will send an ARP response to B2, claiming to own the ip address 1.1.1.1. Will this work even though B2 is on subnet 2.2.2.x? In other words, C will be able to see what B planned to send to A, right?
Another question: Is there any easy way to model this situation (and similar situations) with VMs or something?
Thanks!
No comments:
Post a Comment