This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Malicious JavaScript Insertion through ARP Poisoning Attacks
May/June 2009 (vol. 7 no. 3)
pp. 72-74
Bojan Zdrnja, INFIGO IS
Details about ARP poisoning attacks as well as countermeasures have been known for years. Yet, most networks are still vulnerable to these attacks because they haven't implemented defenses. This article explains how ARP poisoning attacks work and analyzes how such attacks are exploited in the wild against Web hosting companies, where the ARP poisoning attacks are used for real-time network traffic modification.

1. D.C. Plummer, An Ethernet Address Resolution Protocol, RFC 826, Nov. 1982; http://tools.ietf.org/htmlrfc826.
2. C. Seifert, "Know Your Enemy: Behind the Scenes of Malicious Web Servers," Honeynet Project, Nov. 2007; www.honeynet.org/paperswek.
3. B. Zdrnja, "Massive ARP Spoofing Attacks on Web Sites," SANS Internet Storm Center, Mar. 2009; http://isc.sans.orgdiary.html?storyid=6001
4. Y. Bhaiji, Network Security Technologies and Solutions, CCIE Professional Development Series, Cisco Press, 2008.

Index Terms:
arp poisoning, Address Resolution Protocol, ARP, network, security, malicious javascript insertion, security & privacy, attack trends
Citation:
Bojan Zdrnja, "Malicious JavaScript Insertion through ARP Poisoning Attacks," IEEE Security & Privacy, vol. 7, no. 3, pp. 72-74, May-June 2009, doi:10.1109/MSP.2009.72
Usage of this product signifies your acceptance of the Terms of Use.