Address Resolution Protocol (ARP) spoofing involves the sending of a fake or "spoofed" ARP message to a network host in an attempt to trick the host into associating an IP address to the sender's MAC address. This technique can cause the recipient to send traffic intended for another node or host to the sender, which is typically a host controlled by an attacker. As a result, the attacker has access to the misdirected network traffic and can manipulate this traffic for his or her own purposes. For example, attackers can extract confidential data from the misdirected traffic or modify the traffic before forwarding them to their intended recipients.
Network VirusWall Enforcer prevents ARP spoofing by broadcasting legitimate ARP information associated with your critical nodes. To detect and terminate ARP spoofing malware on endpoints, it monitors applications for outgoing ARP traffic. If an application is found to be sending more than 100 ARP packets per second, Network VirusWall Enforcer considers the application an ARP spoofing malware and terminates the application if configured to perform ARP spoofing remediation.