Spoofing - pretending to be something you're not
ARP - For when a device needs to communicate with another IP on the same network
- The device broadcasts a request asking "whose MAC address is associated with this IP?"
- The device with that IP will send a response back containing its MAC address
- The original device will cache the IP and MAC address together in its ARP Cache
ARP Poisoning / IP Spoofing - impersonating another device on a network
- ARP does not have security built in
- A malicious device sends an unsolicited ARP response
- ARP is stateless, so a device does not remember whether it has sent an ARP request
- Therefore, any time it receives an ARP response, it processes the response as if it had asked for it
- The malicious device says that ITS MAC address is associated with the IP of, say, a router
- The victim device will update its ARP cache, associating the IP address of the router with the MAC address of the malicious device
- The malicious device will commonly forward the traffic it receives on to the router, so that neither the victim nor the router notices
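Because the weakness is that replies are accepted without a matching request, a monitor can keep the state ARP itself does not. The following is an added example, not part of the original notes: it flags unsolicited replies and changed IP-to-MAC bindings. The frame tuples, addresses, and the 2-second request window are constructed assumptions.

```python
from collections import namedtuple

# One observed ARP frame; fields mirror the ARP header (op 1 = request, 2 = reply).
ArpFrame = namedtuple("ArpFrame", "ts op sender_ip sender_mac target_ip target_mac")

REQUEST, REPLY = 1, 2
REQUEST_TTL = 2.0  # seconds a request counts as outstanding (assumed value)


def detect_arp_anomalies(frames):
    """Return (ts, kind, detail) alerts for a time-ordered sequence of ARP frames."""
    pending = {}   # (asker_mac, asked_ip) -> time the request was seen
    bindings = {}  # ip -> MAC that last claimed it in a reply
    alerts = []
    for f in frames:
        if f.op == REQUEST:
            pending[(f.sender_mac, f.target_ip)] = f.ts
            continue
        if f.op != REPLY:
            continue
        # A reply is solicited only if its recipient recently asked for this IP.
        asked_at = pending.pop((f.target_mac, f.sender_ip), None)
        if asked_at is None or f.ts - asked_at > REQUEST_TTL:
            alerts.append((f.ts, "unsolicited-reply",
                           f"{f.sender_mac} claims {f.sender_ip} to {f.target_mac}"))
        # The same IP suddenly mapping to a different MAC is the poisoning symptom.
        known = bindings.get(f.sender_ip)
        if known is not None and known != f.sender_mac:
            alerts.append((f.ts, "binding-changed",
                           f"{f.sender_ip} moved {known} -> {f.sender_mac}"))
        bindings[f.sender_ip] = f.sender_mac
    return alerts


# Constructed sample traffic (documentation IPs, made-up MACs).
ROUTER, VICTIM, OTHER = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", "cc:cc:cc:cc:cc:03"
SAMPLE = [
    ArpFrame(0.0, REQUEST, "192.0.2.10", VICTIM, "192.0.2.1", "00:00:00:00:00:00"),
    ArpFrame(0.1, REPLY, "192.0.2.1", ROUTER, "192.0.2.10", VICTIM),
    ArpFrame(30.0, REPLY, "192.0.2.1", OTHER, "192.0.2.10", VICTIM),
]

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE):
        print(alert)
```

Legitimate gratuitous ARP (failover, address changes) raises the same alerts, so treat them as leads to check against known hardware rather than as proof of poisoning.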
DNS Poisoning - impersonating another website
- Can be done by modifying a DNS server or the responses it sends
- Changing the IP address for a domain inside a DNS server
- Modifying DNS responses as they are being sent
- Can also be done by modifying a machine's hosts file
- A file that associates domain names with IP addresses and has a higher priority than DNS responses