What does ARP stand for?
Address Resolution Protocol
What is the purpose of ARP?
Maps IP addresses to MAC addresses on a local network
What is an ARP attack?
When an attacker sends fake ARP messages to manipulate IP-to-MAC mapping
What is ARP spoofing (ARP poisoning)?
Attacker sends false ARP messages to associate their MAC with another device’s IP, often the gateway
How can ARP attacks lead to a MITM?
By redirecting traffic through the attacker, allowing interception and modification of data
How can ARP attacks cause DoS?
Poisoned ARP tables prevent devices from reaching the correct gateway, disrupting network access
Name two consequences of ARP attacks.
Sensitive data theft and network downtime/DoS
Name three mitigation techniques for ARP attacks.
Static ARP entries, Dynamic ARP Inspection (DAI), encrypted protocols (HTTPS/SSH)
Why are ARP attacks dangerous on local networks?
They allow attackers to intercept, modify, or block network traffic without detection
ARP Spoofing
Quick Way to Remember
Spoofing = the trick / attack
Poisoning = the corrupted tables / result
Definition: The act of sending fake ARP messages to a network to pretend your MAC address is another device’s (often the gateway).
Purpose: To trick devices into sending traffic through the attacker (MITM).
Focus: The action of impersonating a device.
Example:
Attacker sends ARP messages claiming “I am the gateway” → ARP spoofing.
Devices update their ARP tables incorrectly → ARP poisoning.
ARP Poisoning
Definition: The result of ARP spoofing, where the ARP cache/tables of devices are corrupted with false MAC-IP mappings.
Purpose: Causes devices to send traffic to the wrong MAC address.
Focus: The effect on the network (tables are “poisoned”).
Example:
Attacker sends ARP messages claiming “I am the gateway” → ARP spoofing.
Devices update their ARP tables incorrectly → ARP poisoning.
ARP Attack Mitigation
Static ARP Entries
Manually configure critical devices with fixed IP-to-MAC mappings.
Pros: Prevents ARP spoofing for those devices.
Cons: Hard to manage in large networks.
Dynamic ARP Inspection (DAI)
Switches verify ARP messages against a trusted database before updating ARP tables.
Pros: Blocks invalid ARP messages automatically.
Requires: Managed switches that support DAI.
Use Encrypted Protocols
Use HTTPS, SSH, VPNs, or TLS to protect data even if intercepted.
Network Segmentation / VLANs
Isolate sensitive devices in separate network segments to limit ARP attack scope.
Intrusion Detection / Prevention Systems (IDS/IPS)
Detect unusual ARP traffic and alert administrators or block it.
Regular Monitoring
Check ARP tables for suspicious entries or duplicate IP-MAC mappings.
Mitigation of ARP attacks includes static ARP entries, Dynamic ARP Inspection (DAI), encrypted protocols, VLANs, IDS/IPS, and monitoring. These prevent spoofing, poisoning, and MITM attacks.