ARP Spoofing/DNS Spoofing - difference [closed]

Question

Is there a difference between ARP Spoofing and DNS Spoofing, or they are one and the same thing?

Answer 1

ARP (Address Resolution Protocol) Spoofing is when an attacker sends out fake replies to an ARP Request. This is done usually to impersonate a router so that an attacker can intercept traffic.

DNS (Domain Name Service) Spoofing is when an attacker replies to DNS Requests (sent to resolve the IP address of a hostname) with false IP information. This is typically used to redirect users to false websites.

Answer 2

ARP spoofing is when the attacker is sending out ARP messages from a non-authoritative DHCP server in order to change the IP/Gateway, or in that case the DNS servers of the victim.

Once the DNS server of the victim has been changed then the attacker can start the DNS-spoofing attack, which means that the victim's DNS requests are now redirected to a non-authoritative DNS server which may lie about the IP address of a bank.

By doing so the attack can get the victim to surf to http://www.yourbank.com, using a valid SSL-cert from the bank, but the IP of the server will be another one. That way the attacker can get access to your bank information and pretty much empty your account. WEB browsers will not complaint about wrong URL in the SSL-certificate.