ARP (Address Resolution Protocol) Spoofing Attacks or ARP flooding or ARP poisoning

A computer connected to an IP/Ethernet Local Area Network has two addresses. One is the MAC (Media Access Control) which is a globally unique and unchangeable address which is burned on the network card itself. MAC addresses are necessary so that the Ethernet protocol can send data back and forth, independent of whatever application protocols are used on top of it. Ethernet send and receive data based on MAC addresses. MAC address is also known as Layer2 address, physical address or Hardware address.

Other address is the IP address. IP is a protocol used by applications, independent of whatever network technology operates underneath it. Each computer on a network must have a unique IP address to communicate. Applications use IP address to communicate. IP address is also known as Layer 3 address or Logical address.

To explain it more clearly, the applications use IP address for communication and the low lying hardware use MAC address for communication. If an application running on a computer need to communicate with another computer using IP address, the first computer should resolve the MAC address of the second computer, because the lower layer Ethernet technologies use MAC addresses to deliver data. Click the following link to learn more about ARP (Address Resolution Protocol).

Operating Systems keep a cache of ARP replies to minimize the number of ARP requests. ARP is a stateless protocol and most operating systems will update their cache if a reply is received, regardless of whether they have sent out an actual request.

ARP (Address Resolution Protocol) Spoofing attacks (ARP flooding or ARP poisoning) help an attacker to sniff data frames on a local area network (LAN), modify the traffic etc. ARP Spoofing attacks are made by sending fake ARP messages to an Ethernet LAN. The purpose of this is to associate the attacker's MAC address with the IP address of another computer, generally the default gateway. Here any traffic sent to the default gateway would be mistakenly sent to the attacker instead. The attacker can then forward the traffic to the actual default gateway after sniffing or modify the data before forwarding it.

Related Tutorials