ARP spoofing Last modified: Tuesday, August 31, 2004
(n.) Also referred to as ARP poison routing (APR) or ARP cache poisoning, a method of attacking an Ethernet LAN by updating the target computer’s ARP cache with both a forged ARP request and reply packets in an effort to change the Layer 2 Ethernet MAC address (i.e., the address of the network card) to one that the attacker can monitor. Because the ARP replies have been forged, the target computer sends frames that were meant for the original destination to the attacker’s computer first so the frames can be read. A successful APR attempt is invisible to the user.
An Introduction to ARP Spoofing A discussion of ARP spoofing and its key elements. Basic understanding of networks is required to understand this paper. (pdf) Protecting Your Network From ARP Spoofing-Based Attacks In order to understand how you can protect yourself from ARP spoofing-based attacks, you must understand some fundamentals about how systems on Ethernet-based networks communicate. (pdf) The Ingredients to ARP Poison This article uses a practical example to show how malicious hackers can break into a network.

Related Terms

ARP Ethernet IP spoofing local-area network MAC address packet