What is the ARP protocol?
ARP stands for Address Resolution Protocol. It is an important communications protocol, since it is responsible for linking a MAC address, or physical address, with an IP address. It appeared in the 1980s.
It allows a device connected to a network to obtain the MAC address of another computer connected to that same network, so that data can be transmitted to it in a packet. This is necessary because IP and MAC addresses are not the same length: the first is 32 bits long and the second 48 bits.
So what the ARP protocol does in the mapping procedure is translate between the two so that systems can recognize each other. IPv4 address resolution is still the most widely used today, hence the importance of this protocol. ARP is responsible for translating the address from 32 bits to 48 bits and vice versa.
How ARP works
So how exactly does the ARP protocol work? What steps are necessary? Let's say we have connected a new computer or any other device to the network. In order to connect to the router, that computer will receive a unique IP address. This is essential for it to communicate and be identified.
Data packets are addressed to a particular host. The gateway or other hardware on the network that lets data flow will ask the ARP protocol to find the MAC address that matches that IP address.
Keep in mind that this information is cached, so this step is only carried out the first time. From then on, the ARP cache maintains a list of the different IP addresses and their corresponding MAC addresses.
In addition, the user can create a static ARP table in which to store those IP and MAC addresses. Dynamically, though, the ARP cache is kept by the operating system on an IPv4 Ethernet network. Whenever a device needs the MAC address of another computer on that network in order to send it data, the ARP cache is checked first. If the entry exists, there is no need to make a new request.
It should also be mentioned that the ARP cache is not infinite, quite the opposite. It is limited in size, and addresses are only cached for a limited period of time. This frees up space and also helps prevent cyber attacks that steal or spoof addresses.
How ARP can be attacked
Following on from the above, it should be noted that there are computer security attacks against the ARP protocol. The basic type of attack is known as ARP spoofing, but through it attackers can also carry out denial of service attacks and cause other problems.
ARP Spoofing
It basically consists of sending fake ARP messages. With them, an attacker's MAC address can be associated with an IP address. In this way the attacker could collect the information sent to that IP address and control the traffic.
This type of attack, if successful, allows a hacker to steal important data from any individual user or company. They can do it from a device that they have previously attacked and taken control of, or even from their own device if it is connected to the local network.
This threat could be prevented through static ARP tables. This avoids a dynamic cache, although it is not viable in most cases. In those cases we would have to maintain constant inspection to detect impersonation. To carry out this type of attack, the cybercriminal needs to use certain tools such as Arpspoof or Driftnet.
We can also relate this to Man in the Middle attacks. What the attacker does is intercept everything that is sent, such as passwords or data. If the network is unprotected, the attacker can spoof an identity and obtain confidential information. The attacker is literally in the middle of the communication, listening to everything that is sent and received.
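The constant inspection mentioned above can be automated by parsing ARP messages and watching for an IP address whose MAC address suddenly changes. The following Python code is an added example, not part of the original article; the function names and the sample addresses (documentation ranges) are assumptions, and it operates on ARP payload bytes that some capture tool has already collected.

```python
import socket
import struct

# ARP payload for Ethernet/IPv4 (28 bytes): htype, ptype, hlen, plen, oper,
# sender MAC (48 bits), sender IP (32 bits), target MAC, target IP.
ARP_FMT = "!HHBBH6s4s6s4s"

def build_arp(oper, sha, spa, tha, tpa):
    """Pack a constructed ARP payload; used here only to create sample input."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                       socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), socket.inet_ntoa(spa)

def inspect(payloads, trusted=None):
    """Learn IP-to-MAC bindings and report any later claim that contradicts them."""
    bindings = dict(trusted or {})   # optional static entries, as in a static ARP table
    alerts = []
    for n, payload in enumerate(payloads):
        parsed = parse_arp(payload)
        if parsed is None:
            continue
        _, mac, ip = parsed
        known = bindings.setdefault(ip, mac)    # first sighting is learned
        if known != mac:
            alerts.append((n, ip, known, mac))  # keep the old binding, raise an alert
    return alerts, bindings

# Constructed sample: documentation-range addresses, not captured traffic.
GW, HOST_A, ROGUE = "00:00:5e:00:53:01", "00:00:5e:00:53:0a", "00:00:5e:00:53:ff"
SAMPLE = [
    build_arp(2, GW, "192.0.2.1", HOST_A, "192.0.2.10"),      # reply: gateway is at GW
    build_arp(1, HOST_A, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),  # request
    build_arp(2, ROGUE, "192.0.2.1", HOST_A, "192.0.2.10"),   # second MAC claims gateway IP
]

if __name__ == "__main__":
    for n, ip, known, seen in inspect(SAMPLE)[0]:
        print(f"packet {n}: {ip} was {known}, now claimed by {seen}")
```

Passing known-good entries as `trusted` makes the monitor behave like a static ARP table for those hosts while still learning the rest dynamically.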
DoS attacks
Another type of attack that can affect the ARP protocol is what is known as denial of service or DoS. In this case, an attacker will seek to send a large number of requests so that the systems, servers or networks cannot respond normally.
This problem will cause users to be unable to connect to the network. For this to happen, the attacker must exploit some vulnerability in the network protocol. Users may be unable to connect properly for a while. It is similar to attacks of this type against a web server, for example, which then becomes inaccessible to visitors.
Once an attacker has successfully exploited the ARP protocol, they can carry out DDoS, or distributed denial of service, attacks. They can bombard a server with so many requests that it is unable to handle them properly.
Ultimately, the ARP protocol is used to resolve IPv4 addresses to MAC addresses. To do this, it uses ARP tables to find the corresponding addresses and link them. This allows addresses to be translated and devices to be found. It is essential for connecting a computer to the router, for example. To avoid the problems mentioned above, it is essential that we always maintain security, keep our networks protected and stay alert at all times to detect any intrusion attempt as soon as possible.