Silk Road forums
Discussion => Security => Topic started by: KaleidescopeVision on July 14, 2012, 02:23 am
-
If someone has a message that says "Unsolicited ARP reply detected... This may be a threat to your computer" from an antivirus periodically what does this mean?
-
ARP stands for Address Relay Protocol. It associates your IP address to your mac address. Also associates MAC and IP addresses of any hosts on the network.
It basically is an internet protocol that lets computers associate IP address with MAC adresses in order to communicate with eachother over a LAN. Common man-in-the-middle(MITM) attacks exploit this protocol. The attacker may send spoofed ARP packets to your computer to trick it into believing that the attackers computer is the router(or gateway). This results in all your traffic being directed towards the attacker who then re-routes it to the router. The end product is the attacker being able to steal passwords, etc.
It's been a while since I've done anything MITM related, so alot of my points are probably slightly off. Plus I'm quite drunk right now. But in my opinion I would just make sure there are no unwanted guests on your network that could be trying to spoof your router.
-
Thank you drunk knight! I am so glad my passwords are to accounts that are so freaking useless. Anyways, I am sure you had better things to worry about than my net security, so I really appreciate it. 8)
-
ARP stands for Address Relay Protocol. It associates your IP address to your mac address. Also associates MAC and IP addresses of any hosts on the network.
Actually, ARP stands for Address Resolution Protocol.
But you are correct, ARP is used to map an IP address to a MAC address on a LAN, and it can be spoofed to do a MITM attack. However, to do so, the attacker must have a node on your LAN (which can include a WiFi access point). An ARP packet never crosses a router, so this sort of attack cannot be performed from the Internet cloud to your local network.
- Bit