Home

ARPspoofing

ARP spoofing, also known as ARP poisoning, is a technique in which an attacker sends forged ARP messages on a local area network to associate their own MAC address with the IP address of another host. The Address Resolution Protocol maps IP addresses to MAC addresses on a LAN, but ARP provides no built‑in authentication, so hosts update their ARP caches based on received replies.

In an ARP spoofing attack, the attacker, typically on the same LAN segment, transmits gratuitous or forged

Impact of ARP spoofing can include eavesdropping on unencrypted data, alteration of transmitted information, session hijacking,

Mitigation and detection focus on preventing or identifying poisoned cache entries. Defenses include static ARP entries

ARP
replies
to
targets.
This
causes
devices
to
update
their
ARP
tables
so
that
the
attacker’s
MAC
address
is
linked
to
the
legitimate
host’s
IP.
Subsequently,
traffic
intended
for
the
real
host
is
sent
to
the
attacker,
enabling
interception,
modification,
or
disruption
of
communications.
The
attack
often
enables
a
man‑in‑the‑middle
position,
but
can
also
be
used
to
perform
denial
of
service
by
misdirecting
traffic.
and
network
outages.
The
vulnerability
arises
from
the
absence
of
authentication
in
ARP
and
the
reliance
on
current
ARP
cache
entries.
for
critical
devices,
Dynamic
ARP
Inspection
on
switches,
port
security
and
MAC
limits,
and
network
segmentation
or
encryption
(VPNs,
TLS,
IPsec).
ARP
monitoring
tools
and
anomaly
detection
can
alert
administrators
to
suspicious
ARP
traffic
or
duplicate
IP/MAC
mappings.
Ethical
or
legal
use
of
ARP
spoofing
is
restricted
to
authorized
testing.