
Is ARP cache poisoning/spoofing fixed?


Is ARP cache poisoning/spoofing mostly fixed in networks, such as company networks or university networks or is it still a wide vulnerability?

By ARP cache poisoning/spoofing I mean sending an ARP reply packet to a host in a local network to change a specific entry in its local ARP cache, as defined in RFC 826.

There are some research papers about defenses against it, but I am wondering how widely fixes for ARP cache poisoning are deployed. Is this still a problem or something that is mostly taken care of in real networks?

Thanks!


Solution

  • ARP poisoning is alive and well. The only real way to block ARP poisoning from occurring is to create a static ARP table, not only in the switches and routers but also on every single device on the network.

    The reason why this isn't done in most networks is that it is extremely hard to maintain a list of devices on a network given that we rely so much on wireless devices. Each of our devices has a unique MAC address and you'd need to keep a record of every single MAC address connecting to a network. For a net in a university this wouldn't be possible. Students often have 2 or more devices (laptop, smartphone, Apple Watch, etc.).

    However, that being said, if security is of utmost importance, yes, you can curb ARP poisoning by creating a static ARP table on the network.

    But by no means would a static ARP keep you completely secure. There are other nasty tricks such as MAC cloning / IP cloning that can be performed on the network. To stop this from happening you would have to go one more step and assign each physical port of the switches and routers to a specific MAC and IP. Once again, hard to do since wireless devices do not have any physical ports.
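
The static-table idea from the answer can also be used for detection rather than enforcement. The following is an added example, not part of the original question or answer: it parses RFC 826 ARP payloads and flags any sender IP-to-MAC claim that disagrees with a known-good table. The table contents, addresses and function names are constructed for illustration.

```python
import socket
import struct

# RFC 826 payload for Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP = struct.Struct("!HHBBH6s4s6s4s")  # 28 bytes


def parse_arp(payload):
    """Return (sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < ARP.size:
        return None
    ht, pt, hl, pl, _op, sha, spa, _tha, _tpa = ARP.unpack_from(payload)
    if (ht, pt, hl, pl) != (1, 0x0800, 6, 4):
        return None
    return ":".join(f"{b:02x}" for b in sha), socket.inet_ntoa(spa)


def check_bindings(payloads, static_table):
    """Flag sender (IP, MAC) claims that disagree with the static table."""
    alerts = []
    for payload in payloads:
        parsed = parse_arp(payload)
        if parsed is None:
            alerts.append(("malformed", None, None))
            continue
        # RFC 826 merges the sender pair whatever the opcode, so check both.
        mac, ip = parsed
        expected = static_table.get(ip)
        if expected is None:
            alerts.append(("unknown-host", ip, mac))
        elif expected != mac:
            alerts.append(("binding-mismatch", ip, mac))
    return alerts


def sample(oper, sha, spa, tha, tpa):
    """Pack a constructed ARP payload as bytes for the demo; nothing is sent."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return ARP.pack(1, 0x0800, 6, 4, oper, raw(sha), socket.inet_aton(spa),
                    raw(tha), socket.inet_aton(tpa))


# Constructed data: documentation IPs (192.0.2.0/24) and documentation MACs.
STATIC_TABLE = {"192.0.2.1": "00:00:5e:00:53:01", "192.0.2.10": "00:00:5e:00:53:10"}
SAMPLES = [
    sample(2, "00:00:5e:00:53:01", "192.0.2.1", "00:00:5e:00:53:10", "192.0.2.10"),
    sample(2, "00:00:5e:00:53:66", "192.0.2.1", "00:00:5e:00:53:10", "192.0.2.10"),
    sample(1, "00:00:5e:00:53:77", "192.0.2.77", "00:00:00:00:00:00", "192.0.2.1"),
]
```

Calling `check_bindings(SAMPLES, STATIC_TABLE)` reports the second sample as a binding mismatch for 192.0.2.1 and the third as an unknown host; the first matches the table and raises nothing.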