RE: Arp spoofing & dsniff

From: Dustin Trammell (DTrammell@PENSON.COM)
Date: 05/13/02


From: Dustin Trammell <DTrammell@PENSON.COM>
To: pen-test@securityfocus.com
Date: Mon, 13 May 2002 15:35:46 -0500


>> This is something I'd like to know: Is [Spoofing] the correct term for
>> this ARP modification technique? Would "ARP Poisoning" be a better or
>> correct one than 'spoofing'?.
>
>Spoofing according to Merriam Webster means "to decieve". >
>
>Technically arp-spoofing would be forging packets with the hardware
>address of the host you are pretending to be.
>
>Arp Poisoning would involve you making the victim host believing that IP
>Address XXX.XXX.XXX.XXX has MAC Address XX.XX.XX.XX.XX.XX
>
>That I think should highlight the difference, but I do believe people
>use the terms interchangably.

I believe that the reason most people use the terms interchangeably, is that
usually you are using arp-spoofing as the technique to allow poisoning of a
target's arp cache. You can use arp-spoofing for other purposes, and you
can poison arp cache using other techniques, but the two used together as
described above is by far the most common discussed.

---
Dustin D. Trammell
Information Security Specialist
Penson Financial Services, Inc.

---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/