ARP spoofing
ARP spoofing (also called ARP poisoning) is an attack in which an adversary sends falsified Address Resolution Protocol (ARP) messages onto a local area network, causing the attacker's MAC address to be associated with the IP address of another host — typically the default gateway. Once the ARP tables of the victim machines are poisoned, all traffic intended for the gateway is routed through the attacker instead, enabling the attacker to intercept, modify, or drop packets at will.
The ARP protocol was designed for efficiency, not security. It resolves IP addresses to MAC addresses through broadcast queries without any mechanism for authentication or verification. When a device receives an ARP reply, it updates its cache automatically, regardless of whether it requested the information. An attacker who floods the network with forged ARP replies can overwrite legitimate entries in seconds, and because ARP entries typically expire only after a few minutes, the poisoned state persists long enough for substantial interception.
The attack is local and requires the attacker to be on the same broadcast domain as the victims, but this constraint is less restrictive than it appears. A compromised machine on a corporate network, a malicious insider, or a device connected to a public Wi-Fi access point all provide suitable positions. The attack is trivial to execute with open-source tools, yet it remains effective against networks that have not implemented protective measures such as static ARP entries, ARP inspection, or network segmentation.
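The defences just mentioned all depend on knowing which IP-to-MAC bindings are legitimate. The following added example, which is not part of the original article, shows the detection side of that idea: a small arpwatch-style monitor that seeds its table with a known-good static entry for the gateway, learns other bindings on first sight, and raises an alert when a reply tries to rebind an IP or when one MAC claims several IPs. All addresses and the sample replies are constructed.

```python
"""Added example: a minimal arpwatch-style ARP poisoning monitor.
It seeds an IP-to-MAC table with known-good static entries, learns the rest on
first sight, and flags rebindings and MACs that claim more than one IP."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One observed ARP reply: sender asserts that `ip` is at `mac`."""
    ts: float
    ip: str
    mac: str


def detect_arp_poisoning(replies, static_entries=None):
    """Return alert strings for suspicious replies in the observed stream."""
    static = {ip: mac.lower() for ip, mac in (static_entries or {}).items()}
    table = dict(static)                       # ip -> trusted mac
    ips_by_mac = defaultdict(set)              # mac -> ips it has claimed
    for ip, mac in table.items():
        ips_by_mac[mac].add(ip)
    alerts = []
    for r in replies:
        mac = r.mac.lower()
        known = table.get(r.ip)
        if known is None:
            table[r.ip] = mac                  # first sighting: trust on first use
        elif known != mac:
            # conflict with a static entry is definite poisoning; with a learned
            # entry it may also be a legitimate NIC replacement, so label it CHANGE
            kind = "POISON" if r.ip in static else "CHANGE"
            alerts.append(f"{kind} t={r.ts:.0f} {r.ip}: {known} -> {mac}")
        before = len(ips_by_mac[mac])
        ips_by_mac[mac].add(r.ip)
        if len(ips_by_mac[mac]) > max(before, 1):
            alerts.append(f"MULTI t={r.ts:.0f} {mac} claims {sorted(ips_by_mac[mac])}")
    return alerts


# Constructed sample: normal replies, then host ...:03 answers for the gateway
# 192.168.1.1 while still owning 192.168.1.20; the genuine gateway answers last.
GATEWAY = {"192.168.1.1": "aa:bb:cc:00:00:01"}
SAMPLE = [
    ArpReply(1.0, "192.168.1.10", "aa:bb:cc:00:00:02"),
    ArpReply(2.0, "192.168.1.20", "aa:bb:cc:00:00:03"),
    ArpReply(3.0, "192.168.1.1", "aa:bb:cc:00:00:03"),   # forged gateway reply
    ArpReply(4.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # genuine gateway reply
]
```

Running `detect_arp_poisoning(SAMPLE, GATEWAY)` yields a POISON alert for the forged gateway reply and a MULTI alert for the host now claiming two IPs, while the genuine gateway reply that follows matches the static entry and is silent.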
ARP spoofing is not a sophisticated attack. It is a crude attack against a crude protocol, and its persistence is a testament to how long the internet's infrastructure has operated on trust assumptions that were appropriate for research networks in the 1980s but are entirely inadequate for the hostile environment of contemporary networks. The continued effectiveness of ARP spoofing is not a technical failure. It is an architectural failure — the failure of a protocol ecosystem to evolve its trust model at the same pace as its threat model.
See also: Man-in-the-middle attack, Network Security, Cryptography, Packet sniffing, DNS spoofing, ARP inspection