ARP spoofing is a method of redirecting traffic from an IP address to the MAC address of the spoofer by sending a fake ARP message. The attacker can either passively receive data or actively alter it before forwarding it. While it has legitimate uses, it is often used for unauthorized data acquisition and is also known as ARP poisoning or ARP poison routing.
Address resolution protocol spoofing is a strategy of sending a spoofed ARP message or address resolution protocol over an Ethernet local area network. The primary function of ARP spoofing is to redirect traffic from an IP address to the MAC address of the spoofer. The process works by tricking the Ethernet network into detecting the spoofed address and routing traffic to end up with the spoofed address instead of being routed to the real IP address.
Once the traffic is routed through the address resolution protocol spoofing process, the perpetrator of the fake address has two options. First, the received data can be evaluated and then transmitted to the actual destination. In this option the data is not altered in any way. This approach is known as passive sniffing.
The second option that results from address resolution protocol spoofing involves receiving the intercepted data and altering it in some way. The changed data is then forwarded to the intended recipient, who will have no reason to think the data didn’t come directly from the original sender. This is commonly referred to as a man-in-the-middle attack.
While address resolution protocol spoofing is often used for questionable purposes, the process has some perfectly legitimate applications as well. Many businesses use more than one IP address to drive traffic to their websites. Along with the main site URL, they can also create a set of generic URLs and associated IP addresses that will generate passive traffic. In this application, Internet users come across one of these generic addresses, click on the link, and are passed through the default gateway to the main website via the forwarding function of the ARP process.
When used to acquire data without authorization, address resolution protocol spoofing is sometimes referred to as ARP poisoning or ARP poison routing. These nicknames help describe the use of the protocol for purposes that are not in the best interests of the sender or receiver of the original query.
Protect your devices with Threat Protection by NordVPN
