Editing ARP spoofing (section)

==Attack anatomy==
The basic principle behind ARP spoofing is to exploit the lack of authentication in the ARP protocol by sending [[spoofing attack|spoofed]] ARP messages onto the LAN. ARP spoofing attacks can be run from a compromised host on the LAN, or from an attacker's machine that is connected directly to the target LAN.

An attacker using ARP spoofing will disguise as a host to the transmission of data on the network between the users.<ref name=":0">{{cite journal|last1=Moon|first1=Daesung|last2=Lee|first2=Jae Dong|last3=Jeong|first3=Young-Sik|last4=Park|first4=Jong Hyuk|date=2014-12-19|title=RTNSS: a routing trace-based network security system for preventing ARP spoofing attacks|url=http://dx.doi.org/10.1007/s11227-014-1353-0|journal=The Journal of Supercomputing|volume=72|issue=5|pages=1740–1756|doi=10.1007/s11227-014-1353-0|s2cid=18861134|issn=0920-8542|access-date=2021-01-23|archive-date=2021-01-23|archive-url=https://web.archive.org/web/20210123000940/https://link.springer.com/article/10.1007/s11227-014-1353-0|url-status=live|url-access=subscription}}</ref> Then users would not know that the attacker is not the real host on the network.<ref name=":0" />

Generally, the goal of the attack is to associate the attacker's host MAC address with the IP address of a target [[host (network)|host]], so that any traffic meant for the target host will be sent to the attacker's host. The attacker may choose to inspect the packets (spying), while forwarding the traffic to the actual default destination to avoid discovery, modify the data before forwarding it ([[man-in-the-middle attack]]), or launch a [[denial-of-service attack]] by causing some or all of the packets on the network to be dropped.