ARP Spoofing
What is ARP Spoofing?
ARP SpoofingA local-network attack that sends forged ARP messages to bind the attacker's MAC address to another host's IP, redirecting traffic through the attacker.
ARP spoofing — sometimes called ARP poisoning — exploits the lack of authentication in the Address Resolution Protocol on IPv4 LANs. The attacker broadcasts gratuitous ARP replies claiming to own a target IP (typically the default gateway), and victims update their ARP tables accordingly. All subsequent traffic to that IP transits the attacker's host, enabling sniffing, session hijacking, SSL stripping, or selective denial of service. Defences include dynamic ARP inspection on managed switches, DHCP snooping, static ARP entries for critical hosts, port security, and end-to-end encryption that limits the value of intercepted traffic.
● Examples
- 01
An attacker on a corporate Wi-Fi tricking laptops into routing traffic through their laptop to harvest credentials.
- 02
Using Ettercap or arpspoof to perform a man-in-the-middle attack on an unencrypted protocol.
● Frequently asked questions
What is ARP Spoofing?
A local-network attack that sends forged ARP messages to bind the attacker's MAC address to another host's IP, redirecting traffic through the attacker. It belongs to the Attacks & Threats category of cybersecurity.
What does ARP Spoofing mean?
A local-network attack that sends forged ARP messages to bind the attacker's MAC address to another host's IP, redirecting traffic through the attacker.
How do you defend against ARP Spoofing?
Defences for ARP Spoofing typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for ARP Spoofing?
Common alternative names include: ARP poisoning, ARP cache poisoning.