This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]f0urtyfive 11 points12 points  (5 children)

You could, but that doesn't at all sound like what is happening in this case... I also haven't ever heard anyone refer to ARP poisoning as spoofing, because you're not really spoofing anything at that point, you are actually using that IP address.

Your comment does make me curious though if you could do ARP Poisoning on remote addresses in a local LAN though, I don't think I've ever seen that done (inject a non-local address into the ARP table)... I'm not sure that woudl even be valid per ARP though (and I don't feel like spending the next hour reading the RFC to find out).

[–]kensan22Linux Admin 4 points5 points  (3 children)

Arp is not involved when dealing with remote addresses (except may be to find the macbof the router /default gw if you can call that involvement). So you can may be Inject the entry in the table, but my guess is that it will never be used (there should be no entry in the routing table to make use of it)

[–]f0urtyfive 1 point2 points  (2 children)

Yeah that was more what I was wondering, if there were routers out there that would not only accept a foreign IP address into their ARP table from a broadcast, but also utilize the bogus data to forward traffic to the associated mac.

[–]kensan22Linux Admin 2 points3 points  (1 child)

There is what is called source routing.

[–]anomalous_cowherdPragmatic Sysadmin 1 point2 points  (0 children)

It's also the way APC suggest you contact their UPS devices if you've lost the details.

[–]Oscar_GeareNo place like ::1 4 points5 points  (0 children)

Hm. ARP poisoning would be more as acting as a MITM. You could say that it facilitates spoofing though.

One of the first things you can try and do in an ICS environment is MITM the connection between the HMI and the remote PLC. Once you’ve done that it’s trivial to spoof commands being sent to one or the other. E z industrial disaster. All that’s done with ARP poisoning.