ARP spoofing

In computer networking, ARP spoofing (also ARP cache poisoning or ARP poison routing) is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.

ARP spoofing may allow an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, man in the middle, or session hijacking attacks.^[1]

The attack can only be used on networks that use ARP, and requires that the attacker has direct access to the local network segment to be attacked.^[2]

^ Ramachandran, Vivek & Nandi, Sukumar (2005). "Detecting ARP Spoofing: An Active Technique". In Jajodia, Suchil & Mazumdar, Chandan (eds.). Information systems security: first international conference, ICISS 2005, Kolkata, India, December 19–21, 2005 : proceedings. Birkhauser. p. 239. ISBN 978-3-540-30706-8.
^ Lockhart, Andrew (2007). Network security hacks. O'Reilly. p. 184. ISBN 978-0-596-52763-1.

[Ramachandran-2005-p239-1] Ramachandran, Vivek & Nandi, Sukumar (2005). "Detecting ARP Spoofing: An Active Technique". In Jajodia, Suchil & Mazumdar, Chandan (eds.). Information systems security: first international conference, ICISS 2005, Kolkata, India, December 19–21, 2005 : proceedings. Birkhauser. p. 239. ISBN 978-3-540-30706-8.

[Lockhart-2007-p184-2] Lockhart, Andrew (2007). Network security hacks. O'Reilly. p. 184. ISBN 978-0-596-52763-1.

[1]

[2]