Security Encyclopedia

Address Resolution Protocol Poisoning

Address Resolution Protocol (ARP) attacking is the point at which an attacker sends distorted ARP messages over a local area network (LAN) to connect an attacker’s MAC address with the IP address of an authentic PC or server on the system. When the attacker’s MAC address is connected, the attacker can obtain any messages coordinated to the authentic MAC address.

ARP poisoning allows the attacker to intercept or alter messages to the real MAC address. This attack can only be used on networks that utilize ARP. The ARP protocol is a method utilized by the Internet Protocol (IP), to delineate system delivery to hardware. The ARP poisoning attack requires the malicious party to have direct access to the local network segment to be attacked. The convention works underneath the system layer as a piece of the interface between the OSI system and OSI connection layer.


"Despite it being a very common attack vector, mitigating ARP spoofing is extremely easy. We had our IT team enable DHCP snooping and dynamic ARP inspection at the VLAN level and globally."