Address Resolution Protocol poisoning (ARP poisoning) is a
form of attack in which an attacker
changes the Media Access Control (MAC)
address and attacks an Ethernet LAN by changing the target computer's ARP cache
with a forged ARP request and reply packets. This modifies the layer -Ethernet
MAC address into the hacker's known MAC address to monitor it. Because the ARP
replies are forged, the target computer unintentionally sends the frames to the
hacker's computer first instead of sending it to the original destination. As a
result, both the user's data and privacy are compromised.
ARP poisoning is very effective against both wireless and
wired local networks. By triggering an ARP poisoning attack, hackers can steal
sensitive data from the targeted computers, eavesdrop by means of
man-in-the-middle techniques, and cause a denial of service on the targeted
computer. In addition, if the hacker modifies the MAC address of a computer
that enables Internet connection to the network, access to Internet and
external networks may be disabled.
An effective ARP poisoning attempt is undetectable to the
user. For smaller networks, using static ARP tables and static IP addresses is
an effective solution against ARP poisoning.