RE: Arp spoofing & dsniff

From: Dustin Trammell (DTrammell@PENSON.COM)
Date: 05/13/02

From: Dustin Trammell <DTrammell@PENSON.COM>
Date: Mon, 13 May 2002 15:35:46 -0500

>> This is something I'd like to know: Is [Spoofing] the correct term for
>> this ARP modification technique? Would "ARP Poisoning" be a better or
>> correct one than 'spoofing'?.
>Spoofing according to Merriam Webster means "to decieve". >
>Technically arp-spoofing would be forging packets with the hardware
>address of the host you are pretending to be.
>Arp Poisoning would involve you making the victim host believing that IP
>Address XXX.XXX.XXX.XXX has MAC Address XX.XX.XX.XX.XX.XX
>That I think should highlight the difference, but I do believe people
>use the terms interchangably.

I believe that the reason most people use the terms interchangeably, is that
usually you are using arp-spoofing as the technique to allow poisoning of a
target's arp cache. You can use arp-spoofing for other purposes, and you
can poison arp cache using other techniques, but the two used together as
described above is by far the most common discussed.

Dustin D. Trammell
Information Security Specialist
Penson Financial Services, Inc.

---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: