ARP Poisoning

ARP Poisoning is a network attack where forged ARP messages redirect LAN traffic through an attacker's machine, enabling eavesdropping and data manipulation.

ARP Poisoning (also known as ARP Spoofing) is a cyberattack technique that exploits weaknesses in the Address Resolution Protocol (ARP) to intercept, modify, or disrupt network traffic within a local area network (LAN). The attacker sends forged ARP messages to associate their own MAC (Media Access Control) address with the IP address of a legitimate device, such as a gateway or router. When other devices on the network update their ARP caches with this falsified information, they unknowingly route their traffic through the attacker's machine instead of the intended destination.

This redirection enables a range of malicious activities, most notably man-in-the-middle (MitM) attacks, where the attacker can eavesdrop on communications, steal sensitive data, alter packets in transit, or perform session hijacking. Because ARP is a stateless protocol with no built-in authentication, devices inherently trust all ARP replies they receive, making networks highly vulnerable to this type of attack. Countermeasures include using Dynamic ARP Inspection (DAI), static ARP entries, encrypted communication protocols, VPNs, and network monitoring tools to detect anomalous ARP activity.
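The monitoring countermeasure can be sketched as a passive check over captured ARP payloads. This is an added example, not part of the original entry: it flags replies that answer no observed request and IP-to-MAC bindings that change, which is what hosts themselves fail to check. The names `ArpMonitor`, `parse_arp`, and `sample_frame`, and all addresses (192.0.2.0/24 and locally administered MACs), are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

class ArpMonitor:
    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})  # ip -> pinned MAC, else first MAC seen
        self.pending = set()                # (requester_ip, requested_ip) awaiting a reply

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return []
        oper, mac, ip, target = parsed
        alerts = []
        if oper == 1:                       # request: remember who asked for what
            self.pending.add((ip, target))
        elif oper == 2:                     # reply: was it asked for?
            if (target, ip) in self.pending:
                self.pending.discard((target, ip))
            else:                           # also fires for legitimate gratuitous ARP
                alerts.append(f"unsolicited reply: {ip} is-at {mac}")
        known = self.bindings.setdefault(ip, mac)
        if known != mac:                    # original binding is kept, so the alert repeats
            alerts.append(f"binding change: {ip} {known} -> {mac}")
        return alerts

def sample_frame(oper, sha, spa, tpa):  # constructed ARP payload, test data only
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, bytes.fromhex(sha.replace(":", "")),
                       IPv4Address(spa).packed, bytes(6), IPv4Address(tpa).packed)

def run_sample():
    gw, host, other = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
    mon = ArpMonitor()
    frames = [sample_frame(1, host, "192.0.2.10", "192.0.2.1"),   # host asks for gateway
              sample_frame(2, gw, "192.0.2.1", "192.0.2.10"),     # gateway answers
              sample_frame(2, other, "192.0.2.1", "192.0.2.10")]  # second MAC claims gateway IP
    return [mon.observe(f) for f in frames]

if __name__ == "__main__":
    print(run_sample())
```

Passing known-good bindings as `pinned` mirrors static ARP entries: a conflicting claim for a pinned IP alerts from the first frame instead of after a baseline is learned.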