ARP Poisoning: Definition, Techniques, Defense & Prevention
ARP poisoning (also known as ARP spoofing) is a cyber attack carried out through malicious ARP messages.
An ARP attack is difficult to detect, and once it's in place, the impact is impossible to ignore.
A hacker who successfully implements either ARP spoofing or ARP poisoning could gain control of every document on your network. You could be subject to spying, or your traffic could grind to a halt until you give the hacker what's requested for ransom.
We'll walk you through how an ARP attack works, and we'll give you a few solutions you can implement right away to keep your server safe.
What Is an ARP?
In 2001, developers introduced the address resolution protocol (ARP) to Unix developers. At the time, they described it as a "workhorse" that could establish IP-level connections to new hosts.
The work is critical, especially if your network is constantly growing, and you need a way to add new functionality without authorising each request yourself.
The basis of ARP is media access control (MAC). As experts explain, a MAC is a unique, hardware-level address of an Ethernet network interface card (NIC). These numbers are assigned at the factory, although they can be changed by software.
In theory, an ARP should:
- Accept requests. A new device asks to join the local area network (LAN), providing an IP address.
- Translate. Devices on the LAN don't communicate via IP address. The ARP translates the IP address to a MAC address.
- Send requests. If the ARP doesn't know the MAC address to use for an IP address, it sends an ARP packet request, which queries other machines on the network to get what's missing.
This functionality saves network administrators a lot of time. Requests are handled behind the scenes, and the network does all the cleanup required. But dangers exist.
ARP Attacks: Key Definitions
A malicious developer, hoping to gain access to important data, could expose vulnerabilities and sneak inside, and you may never know it's happening.
Two types of ARP attacks exist.
- ARP spoofing: A hacker sends fake ARP packets that link an attacker's MAC address with an IP of a computer already on the LAN.
- ARP poisoning: After a successful ARP spoofing, a hacker changes the company's ARP table, so it contains falsified MAC maps. The contagion spreads.
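The pattern described above, a second MAC address claiming an IP already bound on the LAN, can be caught by watching ARP traffic for changed bindings. The following is an added example, not part of the original article; the function names and the sample packets (documentation-range IPs, locally administered MACs) are constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes for Ethernet/IPv4

def parse_arp(payload: bytes):
    """Return (oper, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < ARP_LEN:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), socket.inet_ntoa(spa)

def find_conflicts(payloads):
    """Flag any IP whose claimed MAC differs from the first binding seen."""
    table, alerts = {}, []
    for n, payload in enumerate(payloads):
        parsed = parse_arp(payload)
        if parsed is None:
            continue
        _oper, mac, ip = parsed
        if ip == "0.0.0.0":  # ARP probe: sender has no address yet
            continue
        known = table.setdefault(ip, mac)
        if known != mac:
            alerts.append((n, ip, known, mac))
    return alerts

def sample(oper, mac, ip, target_ip):
    """Build a constructed ARP payload for the demo (not captured traffic)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, bytes.fromhex(mac),
                       socket.inet_aton(ip), bytes(6), socket.inet_aton(target_ip))

# Constructed traffic: the gateway answers, then a second MAC claims its IP.
SAMPLES = [
    sample(2, "021122334455", "192.0.2.1", "192.0.2.10"),
    sample(1, "02aabbccddee", "192.0.2.10", "192.0.2.1"),
    sample(2, "02deadbeef01", "192.0.2.1", "192.0.2.10"),
    b"\x00" * 10,  # truncated payload, ignored by the parser
]

if __name__ == "__main__":
    for n, ip, old, new in find_conflicts(SAMPLES):
        print(f"packet {n}: {ip} moved from {old} to {new}")
```

A changed binding is a signal to investigate rather than proof of an attack: DHCP lease reassignment and gateway failover also move an IP to a new MAC.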
The goal is to link a hacker's MAC with the LAN. The result means any traffic sent to the compromised LAN will he