
I've been reading about ARP poisoning and how easy it is to sniff a LAN.
All this is possible thanks to the null security in the ARP protocol.

So I see ARP is in the data link layer...

Now I would like to know... what "prevents" someone from doing the same thing between a client and a server on the internet instead of a client and a server in a LAN?
TCP?
I know IP spoofing exists for this purpose. But I'm confused about the protocols... and the transmission of packets, I guess.
In a LAN you also intercept those TCP packets with a sniffer. So what is the "secure" thing that will not allow someone to just turn on a sniffer pointing at a client machine somewhere on the internet, to capture the packets going between this client and the server? Is it the TCP handshake (SYN-ACK) that makes the difference, so that this cannot be exploited as easily as with ARP?

I'm lost.

Thanks

2007-03-15 19:25:17 · 1 answers · asked by axo 2 in Computers & Internet Security

1 answers

ARP poisoning needs to occur on the local network. A pretty good explanation of ARP poisoning and prevention thereof can be found at the following link:

http://www.watchguard.com/infocenter/editorial/135324.asp

2007-03-16 05:17:06 · answer #1 · answered by Anonymous · 0 1
