Address Resolution Protocol Spoofing and Man-in-the-Middle Attacks

by Robert Wagner
Sept. 1, 2017 0 comments SANS Institute threats/vulnerabilities

The classic Man-in-the-Middle attack relies on convincing two hosts that the computer in the middle is the other host. This can be accomplished with a domain name spoof if the system is using DNS to identify the other host or address resolution protocol (ARP) spoofing on the LAN. This paper is designed to introduce and explain ARP spoofing and its role in Man-in-the-Middle attacks. The term Man-in-the-Middle is historical usage -- it does not imply that only men can use these attacks. Perhaps Teenager-in-the-Middle or Monkey-in-the-Middle would be more accurate terms.