Results 1 to 4 of 4

Thread: Proxy ARP an issue?

Threaded View

  1. #1
    Junior Member nightlybuild's Avatar
    Join Date
    Feb 2010
    Location
    InYourBucci/Chicago
    Posts
    36

    Default Proxy ARP an issue?

    I recently did a host scan with ettercap (just looking around) and found that all of the IP addresses (which were all different) had the same MAC address. I did a little research and came up with a proxy arp possibly being the cause of this. The way I understand it is that every single computer (including the one I was on) can only see one mac address, which I think is the arp proxy. From reading I understand that all computers will send data to that arp proxy and then the proxy will identify where it must go based on it's arp tables which it keeps track of. If this is the way it all works then wouldn't Man in the Middle attacks not work since all you can see is the arp proxy, or is there away around this. Can someone clarify this for me, I never heard of an arp proxy before, neither do I know that this is what is happening in my case, it just seemed like it would make the most sense. It seems kind of funny seeing all these different IP addresses all with the same MAC address.
    Thanks!

    I found this on this site: Verkot: Model answer 5, st-98

    "Hosts which are using proxy ARP are not concious about the fact that they have been subnetted. Response from any machine is as valid as response from server w hich handles routing.

    Whole idea of proxy ARP is spoofing. (Comer: figure 10.2 page 142): "In essence, R lies about IP-to-physical address bindings."

    Proxy ARP is based on trust - every request and reply is considered legitimate.

    It is also impossible to implement warning which alerts when two IP addresses map to the same physical address. "

    Can someone explain to me how ettercap would relate to this and also if two IP addresses have the same physical address, would both computers receive the packets? It would really help me if someone explained how ARP poisoning would work in a situation with Proxy ARP...it seems like there would be a conflict (I can't even get real MAC addresses)
    Last edited by lupin; 03-04-2010 at 09:45 AM. Reason: Merging...
    If you get tired of listening to your music... cat /vmlinuz > /dev/audio
    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
    Macbook 2.4Ghz Dual Core, 4GB Ram, Edimax EW-7318USG, BT4

Similar Threads

  1. WPA handshake issue?
    By brawngp in forum Beginners Forum
    Replies: 4
    Last Post: 03-01-2010, 06:17 AM
  2. Macbook Pro 5,1 DWA-643 issue
    By darlord in forum Beginners Forum
    Replies: 1
    Last Post: 02-24-2010, 08:17 AM
  3. BT4 on IBM ThinkPad T43 Wireless Issue
    By khaji00 in forum Beginners Forum
    Replies: 1
    Last Post: 02-21-2010, 11:02 AM
  4. Issue solved???
    By PunksUndead in forum Beginners Forum
    Replies: 1
    Last Post: 01-31-2010, 11:50 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •