Kinaro's blog of things

ARP Spoofing

June 04, 2019

The Address Resolution Protocol is used to map IP addresses (v4 or v6) to the physical addresses (MAC)of devices in a network. A host wishing to discover a physical address sends out an ARP packet on the network, and then the host with the same IP address as in the packet will send a response with its MAC address.

Responses are automatically cached by hosts in a network whether they requested them or not, and only overwritten when another request is made. The ARP protocol lacks an authentication mechanism, which thus allows for an attacker to send out spoofed ARP requests on the network in order to associate their MAC address with the IP address of a different host. This enables the attacker to intercept traffic meant for a different host.

An attacker can then carry out a Man-in-the-Middle attack where they foward the data to the actual host to avoid discovery, or spy on unsuspecting users by performing packet inspection. An attacker may also conduct a denial of service by dropping all packets received.


Felix Kinaro

Github TwitterContact