What is ARP spoofing?

Address Resolution Protocol or ARP is Network Layer (Lowest Layer in Internet Protocol suit) protocol help to discover link-layer addresses like MAC addresses. The MAC address is also associated with a given internet layer address, such as IPv4 address.

ARP spoofing (also known as ARP cache poisoning) is a cyber-attack technique in which malicious actors send spoofed or corrupted ARP messages onto a Local Area Network (LAN). In most cases, these spoofed ARP messages are sent to the prey default gateway to change the ARP table.

The ARP table is maintained in the router to correlate the MAC address and its respective IP address. The basic purpose is to facilitate the ARP request.

Normal Vs Under Attack

Explanation

After a successful attack, a malicious person can perform multiple actions against the host machine. Below are some eminent actions an attacker can do, but it wholly depends upon the need:

  • Modify the traffic flow
  • Freeze/stop all traffic
  • Activity watching
  • Initiate other attacks

ARP spoofing can be used to cause multiple other attacks as well. Sometimes, these attacks are initialized after ARP poisoning.

  1. Denial-of-service attacks
  2. Session hijacking
  3. Man-in-the-middle

Free Resources