ARP Cache Poisoning Defense

Last summer I attended the US Cyber Challenge Conference in Virginia. I was in the hotel room getting ready for a week of exciting security courses. The WiFi was unbearably slow but I attributed that to the masses of other conference goers downloading OS images needed for the morning classes.

The morning class was Packet Crafting with Scapy, a powerful packet manipulation tool for Python. I was refreshing my Wireshark skills for the morning class and noticed something odd — there was a flood of constant ARP traffic. Someone was poisoning my ARP cache and intercepting all of my web traffic. This was my first up-close and personal introduction to ARP Poisoning.

That experience inspired me to write a personal ARP Defense script. The script monitors a computer’s ARP table and notifies the user when an Attack is detected. The script can be found here. Additional information on ARP Poisoning can be found at arppoisoning.com.

Leave a Reply

Your email address will not be published. Required fields are marked *