What is ARP poisoning?
D2 ยท Threats ยท CompTIA Security+ SY0-701ARP poisoning (ARP spoofing) exploits the ARP (Address Resolution Protocol) to associate the attacker's MAC address with a legitimate IP address on a local network. This redirects traffic meant for the victim through the attacker's machine.
Used to enable MITM attacks, sniff unencrypted traffic, or intercept credentials on a LAN.
Prevention: Dynamic ARP Inspection (DAI) on managed switches, static ARP entries for critical hosts, encrypted protocols (TLS).
Used to enable MITM attacks, sniff unencrypted traffic, or intercept credentials on a LAN.
Prevention: Dynamic ARP Inspection (DAI) on managed switches, static ARP entries for critical hosts, encrypted protocols (TLS).
ARP poisoning only works on local network segments (Layer 2). It's a classic LAN-based MITM technique. DAI on switches is the primary network-level defense.