ARP Attacks – Gratuitous ARP request

• An attacker can send a gratuitous ARP message containing a spoofed MAC address to a switch, and the switch would update its MAC table accordingly
• In a typical attack, a threat actor sends unsolicited ARP Replies to other hosts on the subnet with the MAC Address of the threat actor and the IP address of the default gateway, effectively setting up a man-in-the-middle attack

A client can send an unsolicited ARP Reply called a “gratuitous ARP” so other hosts on the subnet store the MAC address and IP address contained in the gratuitous ARP in their ARP tables