Episode 18 — Decode ARP and Neighbor Discovery: Local Network Trust and Spoofing Risks
This episode covers ARP in IPv4 and Neighbor Discovery in IPv6 as local network mechanisms that can become attack surfaces when trust is assumed rather than enforced, a pattern that appears in GSEC questions about spoofing and man-in-the-middle risk. You’ll define how a host maps an IP address to a link-layer address for local delivery, then explain why that mapping can be poisoned when an attacker can send convincing replies faster than legitimate devices. We’ll walk through scenarios such as redirecting traffic through a rogue system, capturing credentials on an open segment, or causing denial by mapping a gateway IP to the wrong address. Best practices include segmentation to reduce who can talk locally, static ARP only where appropriate, monitoring for ARP anomalies, and using switch protections like dynamic ARP inspection with trusted bindings when the environment supports it. Troubleshooting considerations include distinguishing a spoofing incident from a simple misconfiguration, and validating whether the gateway mapping changes over time. The key exam skill is recognizing that “local network” does not equal “trusted network” without controls. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.
