What Is Arp Spoofing
Basically, the ARP (Address Resolution Protocol) Spoofing is also termed as ARP flooding, it can allow an attacker to catch hold of the data frames on a Local area Network, modify or stop the traffic right away. The network can actually make use of ARP. The simple principle of ARP Spoofing is to just spoof or fake the ARP messages to an Ethernet LAN. Generally, it aims to associate the system with the MAC address with the IP address of another node. Any traffic which is meant for IP address would be mistakenly sent to the attacker inside. The attacker can then choose to make use of service called the denial of the service which in turn can fight with the association of a non existent MAC address to the IP address of the victims gateway.
ARP spoofing attacks can be initiated from a compromised host, or from an attacker's machine that is connected directly to the target Ethernet segment. By checking the existence of the MAC address, cloning can uncover the ARP spoof attack although there are legitimate uses of the MAC address cloning too. If there are more than one IP address which is returned then the MAC address cloning is present. Basically ARP spoofing used to implement the redundancy of the network services. The back up server may make use of ARP spoofing to take over the defective server and offer the redundancy transparently.
A very easy trick which works for ARP spoofing attacks is that with the use of static IP MAC mappings you can get away with this. But the problem is that it only prevents the attacks from the smaller attacks and not from the larger network attacks and also ARP cache has to be configured on every machine.
Also, more importantly the ARP Spoofing can also be used for the legitimate reasons as for example if we take the case of the network registration, the tools may redirect the unregistered hosts to signup the page before allowing them to gain the full access to the network. Another such sort of implementation is done in hotels so as to allow the travelers with laptops to provide he access to internet from the room using a device HEP (Head End Processor) which is irrespective of the IP addresses.
ARP spoofing attacks can be initiated from a compromised host, or from an attacker's machine that is connected directly to the target Ethernet segment. By checking the existence of the MAC address, cloning can uncover the ARP spoof attack although there are legitimate uses of the MAC address cloning too. If there are more than one IP address which is returned then the MAC address cloning is present. Basically ARP spoofing used to implement the redundancy of the network services. The back up server may make use of ARP spoofing to take over the defective server and offer the redundancy transparently.
A very easy trick which works for ARP spoofing attacks is that with the use of static IP MAC mappings you can get away with this. But the problem is that it only prevents the attacks from the smaller attacks and not from the larger network attacks and also ARP cache has to be configured on every machine.
Also, more importantly the ARP Spoofing can also be used for the legitimate reasons as for example if we take the case of the network registration, the tools may redirect the unregistered hosts to signup the page before allowing them to gain the full access to the network. Another such sort of implementation is done in hotels so as to allow the travelers with laptops to provide he access to internet from the room using a device HEP (Head End Processor) which is irrespective of the IP addresses.
Source...