ARP cache poisoning

(redirected from ARP spoofing)
Also found in: Wikipedia.

ARP cache poisoning

A method of intercepting packets in a TCP/IP network by sending a false address resolution protocol (ARP) message into the network. In order to accomplish this, the attacker must have access to the local network. The false ARP message generally redirects traffic to the perpetrator's computer, which is used to view or modify the network packets in some manner. See ARP, ARP cache and man-in-the-middle attack.
References in periodicals archive ?
Multi-Layer ACL; IP-MAC-Port Binding (IMPB); D-Link Safeguard Engine; DHCP server screening; BPDU Attack Protection; ARP spoofing prevention
With the Layer 2 Firewall, wireless clients are protected from popular security breaches such as ARP spoofing, password sniffing, DHCP spoofing, and other malicious attacks commonly found in public wireless environments.
For advanced device-detection and policy-enforcement capabilities, the appliance protects against ARP spoofing, and enables session-specific policy creation and enforcement, open-port hardening and network-agnostic blocking.
He gives a summary of Unix and Windows host security, including basic tools and techniques, then covers privacy and anonymity that will use encryption and other methods to guard against such felonies as phishing, firewalls, including installing and using commercial firewall products, encryption and securing services, network security, including detecting ARP spoofing and tracking attackers, wireless security, logging, monitoring and trending, secure tunnels, network intrusion protection, recovery and response.
Like many IP devices, VoIP phones are vulnerable to ARP spoofing, allowing man-in-the-middle attacks and including data interception and packet injection.
In 2010, distribution methods involving ARP spoofing attacks, anti-spam detouring and copying well known software were all identified.
Advanced Device Detection and Interrogation CounterACT's latest release introduces a set of new features for advanced device detection and policy enforcement capabilities, including protection against ARP spoofing, session-specific policy creation and enforcement, open-port hardening, and network-agnostic surgical blocking.
3) detects/blocks dual-homed connections, device impersonation, ARP spoofing attempts, and more.
Sourcefire NS utilizes several preprocessors to perform complex protocol analysis and normalization, detecting anomalies such as portscans, IP stack fingerprinting, Denial of Service (DoS) attacks and ARP spoofing.