ARP Spoofing Detection and Prevention

True Protection by Jag monitors ARP (Address Resolution Protocol) traffic on your local network to detect and prevent ARP spoofing attacks. ARP spoofing allows attackers to intercept network traffic by impersonating your network gateway.

What Is ARP Spoofing

The Attack: An attacker sends forged ARP messages to associate their MAC address with the IP address of the network gateway, causing your traffic to route through the attacker device.
The Risk: Once traffic is redirected, the attacker can intercept passwords, session tokens, and other sensitive data (also known as a man-in-the-middle attack).
Common Scenarios: Public Wi-Fi networks, shared office networks, and compromised devices on home networks.

How True Protection Detects ARP Spoofing

ARP Table Monitoring: Continuously watches for unexpected changes to the ARP table, particularly changes to the gateway MAC address.
Duplicate IP Detection: Alerts when multiple MAC addresses claim the same IP address on the network.
Gratuitous ARP Analysis: Inspects unsolicited ARP replies that are commonly used in spoofing attacks.
Gateway Pinning: Locks the legitimate gateway MAC address and blocks any ARP messages attempting to change it.

Enabling ARP Protection

Navigate to Network > Local Network > ARP Protection and enable the feature. True Protection will automatically detect your gateway and pin its MAC address. You will receive an immediate alert if any device attempts to spoof the gateway. On trusted networks, you can manually pin additional devices to prevent ARP-based attacks between any endpoints.