Is ARP spoofing an exploit by definition?

Hey all

I am working on an assignment which basically has the question of identifying an exploit with a relevant CVE that would allow for TCP session identification. The closest I could find to this was CVE-1999-0667 with ARP spoofing, where the cache is poisoned to perform a man-in-the-middle attack.

I am however confused, as I do not know if this constitutes as an exploit or just a technique within an exploit. I tried my hardest to skim through thousands of CVEs to see if there were any exploits related to the identification of TCP sessions, but most of them were just denial-of-service attacks.

I would appreciate some clarification on this topic because I am just so lost

submitted by /u/J-100
[link] [comments]

from hacking: security in practice https://ift.tt/qu1oJvU

Comments