ARP-spoofing defense

Corey Edwards tensai at
Wed Mar 14 11:12:05 MDT 2007

On Wed, 2007-03-14 at 10:52 -0600, Topher Fischer wrote:
> Also, in my mind, the solution to this problem seems too easy.  I must
> be missing something.  Why do machines even pay attention to ARP replies
> that they did not solicit?  Why isn't ARP just implemented so that when
> a request is sent out, then any matching replies are processed and
> nothing more?  What am I missing here?

I "researched" this one time too. What I found was that Linux and Cisco
devices were not vulnerable to ARP spoofing because they did just as you
outline. I looked through some of the ARP code in Linux and that
appeared to indeed be the case, although I can't say I know that for
sure. Windows was easily spoofed however.


More information about the PLUG mailing list