[資安小常識] 什麼是ARP 偽造攻擊?
<P><A href="http://blogs.technet.com/twsecurity/archive/2009/11/11/arp.aspx">http://blogs.technet.com/twsecurity/archive/2009/11/11/arp.aspx</A></P>
<P> </P>
<H2>[資安小常識] 什麼是ARP 偽造攻擊? </H2>
<P style="LINE-HEIGHT: 14pt"><SPAN style="FONT-FAMILY: 'Verdana', 'sans-serif'; FONT-SIZE: 9pt" lang=ZH-TW><SPAN style="FONT-FAMILY: '微軟正黑體', 'sans-serif'; FONT-SIZE: 11pt; mso-bidi-font-family: Calibri; mso-ansi-language: EN-US; mso-fareast-language: ZH-TW; mso-bidi-language: AR-SA" lang=ZH-TW><SPAN style="FONT-FAMILY: 'Verdana', 'sans-serif'; FONT-SIZE: 9pt" lang=ZH-TW><SPAN style="FONT-FAMILY: '微軟正黑體', 'sans-serif'; FONT-SIZE: 11pt; mso-bidi-font-family: Calibri; mso-ansi-language: EN-US; mso-fareast-language: ZH-TW; mso-bidi-language: AR-SA" lang=ZH-TW><STRONG><FONT face="">ARP 偽造攻擊</FONT></STRONG></SPAN></SPAN><FONT face=Verdana> </FONT></SPAN></SPAN></P>
<P style="LINE-HEIGHT: 14pt"><SPAN style="FONT-FAMILY: 'Verdana', 'sans-serif'; FONT-SIZE: 9pt" lang=ZH-TW><SPAN style="FONT-FAMILY: '微軟正黑體', 'sans-serif'; FONT-SIZE: 11pt; mso-bidi-font-family: Calibri; mso-ansi-language: EN-US; mso-fareast-language: ZH-TW; mso-bidi-language: AR-SA" lang=ZH-TW><FONT face="">近來在許多安全案例中,不斷看到這種偽造手法出現,導致企業或使用者受到損失,到底甚麼是 ARP 偽造攻擊?</FONT></SPAN></SPAN></P>
<P style="LINE-HEIGHT: 14pt"><SPAN style="FONT-FAMILY: 'Verdana', 'sans-serif'; FONT-SIZE: 9pt" lang=ZH-TW><SPAN style="FONT-FAMILY: '微軟正黑體', 'sans-serif'; FONT-SIZE: 11pt; mso-bidi-font-family: Calibri; mso-ansi-language: EN-US; mso-fareast-language: ZH-TW; mso-bidi-language: AR-SA" lang=ZH-TW><FONT face="">首先說明甚麼是 ARP,ARP (Address Resolution Protocol) 是負責將 IP 位址轉換成 MAC 位址的一種網路通訊協定,當你要連接另外一台電腦時,您的電腦就會先發出 ARP 封包,詢問網路上有哪台機器對應到這個 MAC 位址,才會進行後續的資料傳送;而這次所討論的 ARP 偽造攻擊就是使用者所連線的網路中,有蓄意的攻擊者發出偽造的 ARP 資訊,導致原本應該直接傳送的資訊,會轉向到攻擊者的機器,這樣的詐騙手法雖然已經出現很久,但是因為遭攻擊時特徵不明顯,且需要相當技術程度之管理者才會發現,因此仍持續受到惡意攻擊者的喜好。 </FONT></SPAN></SPAN></SPAN></P>
<P style="LINE-HEIGHT: 14pt"><SPAN style="FONT-FAMILY: 'Verdana', 'sans-serif'; FONT-SIZE: 9pt" lang=ZH-TW><FONT face=""><IMG src="http://blogs.technet.com/photos/technet_taiwan/images/3293032/original.aspx" mce_src="http://blogs.technet.com/photos/technet_taiwan/images/3293032/original.aspx"></FONT></SPAN></P>
<P style="LINE-HEIGHT: 14pt"><SPAN style="FONT-FAMILY: 'Verdana', 'sans-serif'; FONT-SIZE: 9pt" lang=ZH-TW><FONT face=""><SPAN style="FONT-FAMILY: '微軟正黑體', 'sans-serif'; FONT-SIZE: 11pt; mso-bidi-font-family: Calibri; mso-ansi-language: EN-US; mso-fareast-language: ZH-TW; mso-bidi-language: AR-SA" lang=ZH-TW>圖中,電腦 </SPAN><SPAN style="FONT-FAMILY: '微軟正黑體', 'sans-serif'; FONT-SIZE: 11pt; mso-bidi-font-family: Calibri; mso-ansi-language: EN-US; mso-fareast-language: ZH-TW; mso-bidi-language: AR-SA">B <SPAN lang=ZH-TW>要存取電腦 </SPAN>A <SPAN lang=ZH-TW>時,會先確認電腦 </SPAN>A <SPAN lang=ZH-TW>的 </SPAN>MAC <SPAN lang=ZH-TW>位置與 </SPAN>IP <SPAN lang=ZH-TW>訊息</SPAN>,<SPAN lang=ZH-TW>當攻擊者比電腦</SPAN>A<SPAN lang=ZH-TW>更早回應電腦 </SPAN>B <SPAN lang=ZH-TW>的連線</SPAN><SPAN lang=ZH-TW>申請時,攻擊者就可以搶劫連線</SPAN>,<SPAN lang=ZH-TW>讓電腦 </SPAN>B <SPAN lang=ZH-TW>優先連到攻擊者電腦,才將資料回到電腦 </SPAN>A,<SPAN lang=ZH-TW>也因此所有電腦 </SPAN>B <SPAN lang=ZH-TW>到電腦 </SPAN>A <SPAN lang=ZH-TW>的資訊就完全被截取。</SPAN></SPAN></FONT></SPAN></P>
<P style="LINE-HEIGHT: 14pt"><FONT face=""></FONT><SPAN style="FONT-FAMILY: 'Verdana', 'sans-serif'; FONT-SIZE: 9pt" lang=ZH-TW><SPAN style="FONT-FAMILY: '新細明體', 'serif'; COLOR: black; FONT-SIZE: 9pt; mso-bidi-font-family: 新細明體; mso-ansi-language: EN-US; mso-fareast-language: ZH-TW; mso-bidi-language: AR-SA"> </P>
<P><SPAN style="BORDER-BOTTOM-COLOR: black; BORDER-TOP-COLOR: black; FONT-FAMILY: '新細明體', 'serif'; COLOR: black; BORDER-RIGHT-COLOR: black; BORDER-LEFT-COLOR: black">想獲得更多資訊?</SPAN></SPAN><SPAN style="FONT-FAMILY: '新細明體', 'serif'; COLOR: black; FONT-SIZE: 9pt; mso-bidi-font-family: 新細明體; mso-ansi-language: EN-US; mso-fareast-language: ZH-TW; mso-bidi-language: AR-SA"><A href="http://blogs.technet.com/twsecurity/archive/tags/_0F5C385E588B_/default.aspx" mce_href="http://blogs.technet.com/twsecurity/archive/tags/_0F5C385E588B_/default.aspx"><FONT color=#003399>參考更多資安小常識</FONT></A></SPAN></P>
<P><SPAN style="FONT-FAMILY: '新細明體', 'serif'; COLOR: black; FONT-SIZE: 9pt; mso-bidi-font-family: 新細明體; mso-ansi-language: EN-US; mso-fareast-language: ZH-TW; mso-bidi-language: AR-SA"><SPAN style="BORDER-BOTTOM-COLOR: black; BORDER-TOP-COLOR: black; FONT-FAMILY: '新細明體', 'serif'; COLOR: black; BORDER-RIGHT-COLOR: black; FONT-SIZE: 9pt; BORDER-LEFT-COLOR: black"><SPAN>讓我們瞭解一下資安小常識對您的幫助</SPAN>,請按下面的星星評分。</SPAN></SPAN> </SPAN></P>