ARP Spoof

存储于主机内存中的地址解析协议（ARP）根据48位的以太网地址确定接口，可高速缓存IP和硬件MAC的映射表，计算机接受到ARP应答数据包即会更新本地ARP缓存。ARP缺陷攻击方式有假冒ARP应答，自动定时ARP spoof，预测ARP解析时间，对网关攻击，点对点攻击等。对于ARP的预防，须建立在IP地址与MAC地址两者的信任基础上。
英文题名：Analyze on ARP Spoof Attack
Abstract: Address resolution protocol (ARP) stored in the memory of the host computer can confirm the interface according to the Ethernet addresses of 48 bits, and can quickly save IP and mapping form of hardware MAC. When computer received data package of ARP response, it upgrades local ARP buffer memory immediately. There are many ARP defect attack ways such as imitated ARP response, automatic timing of ARP spoof, predicting analysis time of ARP, gateway attacking and point-to-point attack etc. The prevention of ARP must be set up in the basis of trusting IP address and MAC address.