It’s hard to think of a world without WiFi, from homes to offices, airports to coffee shops, WiFi networks are everywhere. However, with the increased use of WiFi, there is also an increased need for good WiFi security and reduced vulnerabilities. One such vulnerability is ARP spoofing, sometimes referred to as ARP poisoning.
ARP spoofing is a technique used by attackers to intercept network traffic between two devices by impersonating one of the devices. ARP stands for Address Resolution Protocol, which is used by devices on a network to resolve IP addresses to MAC addresses. A MAC address is a unique identifier assigned to each device on a network.
When a device wants to communicate with another device on the same network, it sends an ARP request to resolve the IP address of the destination device to its MAC address. The destination device responds with its MAC address, and the communication can take place. In ARP spoofing, the attacker sends a fake ARP response to the requesting device, claiming to be the destination device. This causes the requesting device to send all its network traffic to the attacker instead of the intended device.
ARP spoofing can be used for various malicious purposes. For example, an attacker can use ARP spoofing to intercept and read network traffic, steal login credentials, and even modify network traffic to carry out Man-in-the-Middle attacks. The biggest problem with these attacks is they are very hard to detect as you commonly wouldn’t know if you are a victim of this type of attack because your internet connection could look and act perfectly normal.
WiFi networks are particularly vulnerable to ARP spoofing due to their wireless nature. Attackers can easily intercept and modify network traffic without needing physical access to the network. When you try to connect to the real WiFi network your traffic is intercepted and the handshake ends up going to the hacker but you connect to the network unknowingly. Most networks don’t bother trying to protect against these attacks and this is an atrocious vulnerability to open WiFi networks but it can be prevented.
It seems the reason why there are 2x terms (ARP spoofing & ARP poisoning) is that it isn’t always used for bad, it can also be used for good purposes. Because it is possible to hijack devices and control what gets on a network there is the potential to use this security flaw as a pseudo control system. For example, if configured ethically a parent could use ARP spoofing to intercept devices allowing access control to the network and even and block certain websites or applications from their child’s device.
To prevent ARP spoofing attacks, there are several solutions available. One solution is to use ARP spoofing detection software, which can detect and alert users to any ARP spoofing activity on the network. Another solution is to use encryption protocols like SSL or VPNs, which can protect network traffic from interception and modification. But there is another way that is quite interesting but there doesn't seem to be a lot of documentation online about it ;)
ARP spoofing is a security vulnerability that can pose a significant risk to WiFi networks and is especially a concern in areas where you can’t really trust the local WiFi. Sure it may be possible to have a few edge cases where ARP spoofing can be used for good but overall, it should be looked to as poison.
