ARP spoofing…UnPlugged

ARP spoofing is a common method of attacking a local network: the attacker sends forged ARP replies so that other hosts map the IP address of a network server (or gateway) to the attacker's MAC address, allowing the attacker to sniff the traffic that was meant for that server.

An open source solution is ArpON ("ARP handler inspectiON"). It is a portable ARP handler that detects and blocks ARP poisoning/spoofing attacks using a Static ARP Inspection (SARPI) approach or a Dynamic ARP Inspection (DARPI) approach, on switched or hubbed LANs with or without DHCP.

Some switch vendors have devised a defense against this form of attack that imposes very strict control over what ARP packets are allowed into the network. Allied Telesis switches have a sub-feature of DHCP Snooping, known as ARP Security, while the equivalent feature on Cisco devices is called Dynamic ARP Inspection.

ARP security can guard against this poisoning by its strict control of what ARP packets are allowed to be forwarded. ARP security checks the IP address in the Source Protocol Address field of ARP packets.

If that IP address is not an address that DHCP snooping has recorded as being in use by a host connected to the port on which the ARP packet arrived (its ingress port), then the ARP packet is dropped.

Therefore, ARP security makes it impossible for a host to poison the ARP caches of other hosts, as the switch will only allow through ARP packets that have genuine information in the Source Protocol Address field.
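The following Python script is an added example (it is not code from the original post, from ArpON, or from any switch vendor) that models the check described above: a DHCP snooping binding table records which IP addresses were leased to hosts on each switch port, and an ARP frame is forwarded only if its Source Protocol Address is bound to the ingress port. The binding table, port names and addresses are constructed sample data, and the `strict_mac` option goes one step beyond the post by also requiring the Source Hardware Address to match the binding, which is how Cisco's Dynamic ARP Inspection validates bindings.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Set, Tuple

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

# Binding table as DHCP snooping would build it: ingress port -> {(ip, mac)}.
BindingTable = Dict[str, Set[Tuple[str, str]]]


def record_dhcp_binding(table: BindingTable, port: str, ip: str, mac: str) -> None:
    """Record a lease that DHCP snooping observed being granted to a host on `port`."""
    table.setdefault(port, set()).add((ip, mac.lower()))


# Constructed sample: two hosts that obtained DHCP leases on two switch ports.
SAMPLE_BINDINGS: BindingTable = {}
record_dhcp_binding(SAMPLE_BINDINGS, "port1", "192.168.1.10", "aa:bb:cc:00:00:10")
record_dhcp_binding(SAMPLE_BINDINGS, "port2", "192.168.1.20", "aa:bb:cc:00:00:20")


@dataclass
class ArpPacket:
    opcode: int
    sender_mac: str   # Source Hardware Address
    sender_ip: str    # Source Protocol Address: the field ARP security inspects
    target_mac: str
    target_ip: str


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def _mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def _ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def build_arp_frame(opcode: int, sender_mac: str, sender_ip: str,
                    target_mac: str, target_ip: str) -> bytes:
    """Build an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (sample input only)."""
    eth = _mac_bytes("ff:ff:ff:ff:ff:ff") + _mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
           + _mac_bytes(sender_mac) + _ip_bytes(sender_ip)
           + _mac_bytes(target_mac) + _ip_bytes(target_ip))
    return eth + arp


def parse_arp_frame(frame: bytes) -> ArpPacket:
    """Parse the ARP packet out of an Ethernet II frame; raise ValueError on anything else."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    arp = frame[14:42]
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return ArpPacket(oper, _mac_str(arp[8:14]), _ip_str(arp[14:18]),
                     _mac_str(arp[18:24]), _ip_str(arp[24:28]))


def arp_security_check(frame: bytes, ingress_port: str, bindings: BindingTable,
                       strict_mac: bool = False) -> Tuple[bool, str]:
    """Decide whether a switch should forward an ARP frame received on `ingress_port`.

    Base rule (as the post describes): forward only if the Source Protocol Address is
    an IP that DHCP snooping recorded for a host on this port. With strict_mac=True
    the Source Hardware Address must also match that binding.
    """
    try:
        pkt = parse_arp_frame(frame)
    except ValueError as exc:
        return False, f"drop: {exc}"
    bound = bindings.get(ingress_port, set())
    if pkt.sender_ip not in {ip for ip, _ in bound}:
        return False, f"drop: {pkt.sender_ip} is not bound to {ingress_port}"
    if strict_mac and (pkt.sender_ip, pkt.sender_mac) not in bound:
        return False, f"drop: {pkt.sender_mac} does not match the binding for {pkt.sender_ip}"
    return True, "forward"


if __name__ == "__main__":
    # Genuine reply from the host on port1, then a reply on port2 that claims port1's IP.
    genuine = build_arp_frame(ARP_REPLY, "aa:bb:cc:00:00:10", "192.168.1.10",
                              "aa:bb:cc:00:00:20", "192.168.1.20")
    forged = build_arp_frame(ARP_REPLY, "aa:bb:cc:00:00:20", "192.168.1.10",
                             "aa:bb:cc:00:00:10", "192.168.1.10")
    print(arp_security_check(genuine, "port1", SAMPLE_BINDINGS))
    print(arp_security_check(forged, "port2", SAMPLE_BINDINGS))
```

Running the script prints `(True, 'forward')` for the genuine reply and a drop verdict for the frame on port2 whose Source Protocol Address belongs to port1, which is exactly the poisoning case the post says the switch refuses to forward. A real switch would also need to handle ports that are trusted (uplinks to other switches) and static bindings for hosts that do not use DHCP; those are left out here.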
