T1557.002

ARP Cache Poisoning

Adversaries may poison Address Resolution Protocol (ARP) caches to position themselves between the communication of two or more networked devices. This activity may be used to enable follow-on behaviors such as [Network Sniffing](https://attack.mitre.org/techniques/T1040) or [Transmitted Data Manipulation](https://attack.mitre.org/techniques/T1565/002). The ARP protocol is used to resolve IPv4 addresses to link layer addresses, such as a media access control (MAC) address.(Citation: RFC826 ARP)...

Linux, Windows, macOS

3 Detections | 1 Source | 2 Threat Actors

BY SOURCE

splunk_escu (3)

PROCEDURES (2)

Suspicious (2 detections)

Auto-extracted: 2 detections for suspicious

Network Connection Monitoring (1 detection)

Auto-extracted: 1 detection for network connection monitoring

THREAT ACTORS (2)

DETECTIONS (3)