ARP Spoofing Attacks Underway

It seems that there's a barrage of ARP spoofing attacks taking place on various networks. In some cases the attacks eventually lead to installation of malware, in other cases the attacks make it appear that a site was hacked when in reality it was not.

Earlier this week the network hosting metasploit.com came under such an attack. Today one of my friend's customers fell victim the same sort of attack when their hosting company was attacked with ARP spoofing.

In the latter case traffic was redirected to sites in China that host malware. After a little research I discovered that others are experiencing similar situations.

So if your sites appear to become victims of similar attacks get your hosting company to check into their ARP tables. Also, consider blacklisting these domains since they are sometimes the places used to host malware in these particular attacks - at the moment anyway:

crazysb.cn
hounian.tj.cn
51yes.com