Editing Address Resolution Protocol (section)

==ARP spoofing and proxy ARP==
{{main|ARP spoofing|Proxy ARP}}
[[Image:ARP Spoofing.svg|right|thumb|200px|A successful [[ARP spoofing]] attack allows an attacker to perform a [[man-in-the-middle attack]].]]
Because ARP does not provide methods for authenticating ARP replies on a network, ARP replies can come from systems other than the one with the required Layer 2 address.  An ARP ''proxy'' is a system that answers the ARP request on behalf of another system for which it will forward traffic, normally as a part of the network's design, such as for a dialup internet service. By contrast, in ARP ''spoofing'' the answering system, or ''spoofer'', replies to a request for another system's address with the aim of intercepting data bound for that system. A malicious user may use ARP spoofing to perform a [[man-in-the-middle]] or [[denial-of-service]] attack on other users on the network. Various software exists to both detect and perform ARP spoofing attacks, though ARP itself does not provide any methods of protection from such attacks.<ref name="grc">{{cite web | url = http://www.grc.com/nat/arp.htm | author = Steve Gibson | title = ARP Cache Poisoning | publisher = [[Gibson Research Corporation|GRC]] | date = 2005-12-11}}</ref>