arpspoof from LAN to WAN

Question

I'm currently having problems using arpspoof using the Linux platform to spoof from a Local IP address to a WAN IP address, But I've no idea how to do this.

Local IP Ubuntu Host: 192.168.0.4

My Router IP Address: 192.168.0.1

Outside WAN: xxx.xxx.xxx.xxx

When I issue the following command:

arpspoof -i eth0 -t 192.168.0.1 xxx.xxx.xxx.xxx

It works, after that I reverse target to my Ubuntu IP address, though that does not work.

arpspoof - i eth0 -t xxx.xxx.xxx.xxx 192.168.0.1

It fails and after outputs the following error:

arpspoof: couldn't arp for host xxx.xxx.xxx.xxx

Is it possible to reverse arpspoof from WAN to local?

Answer 1

You can't spoof WAN networks, unless you can locally access one of the ISPs or HOPS and that's even difficult whilst also requiring exp equipment.

Answer 2

ARP Poisoning works inside a LAN. ARP (Address Resolution Protocol) is something which help the router, computer and other devices connected in the LAN to identify each other. It helps IP to MAC mapping. In ARP poisoning the attacker sends false information usually to the router and the victim's machine.

The attacker tells the router that the victim is him and he tell the victim that he is the router using fake ARP packets. This protocol is limited to LAN and we usually have point to point connections in the WAN side.

When you issue the first command:

arpspoof -i eth0 -t 192.168.0.1 xxx.xxx.xxx.xxx

It tells the router which exists in LAN that the Public IP is your attacking computer. That is valid.

In the second command:

arpspoof - i eth0 -t xxx.xxx.xxx.xxx 192.168.0.1

You tell arpspoof to send ARP packets to some WAN address that it couldn't find in the LAN.

Hence the error.