Mitigating ARP spoofing attacks

ARP attacks cannot be mitigated straightforwardly; however, proactive measures can be taken against ARP-cache poisoning on your network.

Statically mapping the MAC addresses to the IP address is one approach against the unsolicited dynamic ARP requests sent by an attacker. You can see the ARP cache of a Windows system by simply opening a Command Prompt and typing the arp -a command, as shown:

In situations where network arrangements do not change often, static ARP entries can still be used. This will guarantee that devices will depend on their local ARP cache, as opposed to depending on ARP requests and responses:

• Monitoring ARP traffic: The other method of protecting against the ARP cache is monitoring the network traffic of hosts. This should be possible with a couple of interruption-based identification frameworks and utilities.
• Dynamic ARP inspection: This is one of the security features that verifies the ARP packet. Dynamic ARP inspection verifies, stores log information, and rejects all the invalid ARP bindings. Dynamic ARP inspection will be explained in more depth in the following chapters.