Malicious JavaScript Insertion through ARP Poisoning Attacks

The Address Resolution Protocol (ARP) is a core communication protocol used for LANs. RFC 826 defined it in 19821 but paid little attention to security. Although we've been aware of potential attacks against ARP for more than 10 years, we've only recently started observing them in the real world, especially from various Chinese hacking groups. Here, I explain ARP attack fundamentals and analyze recent attacks that used ARP poisoning against Web hosting companies to let attackers insert malicious code into virtually thousands of Web sites.