ARP Poisoning
An ARP poisoning attack takes advantage of a weakness in the Address Resolution Protocol (ARP) to redirect traffic from one or more victim machines to the attacker's device or somewhere else.
What is ARP Poisoning?
In an ARP poisoning attack, an attacker corrupts ARP tables by altering the IP-to-MAC address mappings to redirect traffic. This allows the attacker to intercept IP traffic and data meant for a legitimate computer or server on the network.
How ARP Poisoning Works
ARP poisoning attacks typically include the following five steps:
- The attacker selects its target (an endpoint, a group of endpoints, or a network device like a router), opens an ARP poisoning tool, and configures the tool’s IP address to be consistent with the IP subnet of a target.
- The attacker uses the tool to scan for IP and MAC addresses of hosts in the target’s subnet and alters the address mappings.
- The attacker chooses its target and begins sending ARP packets across the network that contain the attacker’s MAC address paired with the target’s IP address.
- The scope of the attack starts to spread as other hosts on the network cache the spoofed ARP packets, and data that those hosts send to the victim starts going to the attacker instead.
- At this point, the impact of the attack can magnify as an attacker can steal more and more data or launch a follow-on attack, like a DDoS attack that sends a flood of ARP packets to disrupt the entire network.
How to Prevent ARP Poisoning
Security features like dynamic ARP inspection (DAI) check the validity of each ARP message and drop messages that appear to be suspicious or malicious. DAI can also be used to control high volumes of malicious ARP packets through rate limiting. Tools like segmentation and encryption can limit the scope and potential damage of an ARP poisoning attack, but they can’t prevent an attack.
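The kind of validity check and rate limiting described above can be sketched in a few lines of Python; this is an added example, not code from this page or from any product. The binding table, the MAC and IP values, and the per-sender threshold are constructed assumptions, and the rate limit is simplified to a count per source MAC rather than packets per second on an interface.

```python
import struct
from collections import Counter

# Assumed trusted IP-to-MAC bindings (constructed values; a switch would
# learn these from DHCP snooping or static configuration).
BINDINGS = {"192.0.2.1": "02:00:00:00:00:01", "192.0.2.10": "02:00:00:00:00:10"}

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:
        return None
    ethertype, htype, ptype, hlen, plen, oper = struct.unpack("!HHHBBH", frame[12:22])
    if (ethertype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    return mac(frame[6:12]), mac(frame[22:28]), ".".join(map(str, frame[28:32]))

def inspect(frames, bindings=BINDINGS, max_per_sender=3):
    """Return one verdict per frame: 'forward' or 'drop:<reason>'."""
    seen, verdicts = Counter(), []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            verdicts.append("drop:malformed")
            continue
        eth_src, sender_mac, sender_ip = parsed
        seen[eth_src] += 1
        if seen[eth_src] > max_per_sender:        # simplified per-sender rate limit
            verdicts.append("drop:rate-limit")
        elif eth_src != sender_mac:               # Ethernet header disagrees with ARP body
            verdicts.append("drop:src-mac-mismatch")
        elif bindings.get(sender_ip) != sender_mac:  # claimed IP is bound to another MAC
            verdicts.append("drop:binding-mismatch")
        else:
            verdicts.append("forward")
    return verdicts

def make_frame(eth_src, sender_mac, sender_ip, oper=2):
    """Build a constructed ARP frame as bytes, for feeding inspect() only."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    header = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
    return (b"\xff" * 6 + mac(eth_src) + header + mac(sender_mac) + ip(sender_ip)
            + b"\x00" * 6 + ip("192.0.2.10"))

if __name__ == "__main__":
    gw, rogue = "02:00:00:00:00:01", "02:00:00:00:00:66"
    sample = [make_frame(gw, gw, "192.0.2.1"), make_frame(rogue, rogue, "192.0.2.1"),
              make_frame(rogue, gw, "192.0.2.1"), b"\x00" * 10]
    print(inspect(sample))
```

A sender IP with no entry in the binding table is also dropped as a binding mismatch, so the table has to cover every legitimate host before enforcement is switched on.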
To stop ARP poisoning before network security and data integrity are compromised, advanced DDoS protection monitors the network for suspicious activity while using multi-site resiliency and intelligent traffic management to keep legitimate traffic flowing. When coupled with AI-assisted threat intelligence, it can continually learn from new data and adapt in real time to keep defenses sharp.
Get in Touch
It’s important to stay vigilant against ARP poisoning attacks and other types of DDoS attacks. Visit our threat intelligence research center for more information on DDoS defense in depth.