It's 4:45 on a Friday afternoon and you've got to finish that report for your team and make your 5:30 dinner reservation. You sit down at your desk and log onto the corporate Web e-mail system. You ensure that you are using an encrypted HTTP connection to the remote server because the report contains highly sensitive strategic information. When you connect to the e-mail Web server you get a strange error message, something about a mismatched SSL key. Whatever, IT must be messing around again, you think. You click "OK" and enter your username and password, log on to the system, and send your report—all in time to make your dinner reservation.

There's just one small problem: you've just been the victim of an ARP spoofing attack. Your username, password, and the report you sent were all intercepted by an attacker. "But I was using an encrypted and secure connection!" you protest. "My network is all switched, so you can't watch any of my traffic!" you insist. These are just some of the assumptions that make ARP spoofing attacks so effective.

Understanding MAC and ARP

In order to understand how you can protect yourself from ARP spoofing–based attacks, you must understand some fundamentals about how systems on Ethernet-based networks communicate. The level of interconnection where ARP spoofing attacks occur is known as Layer 2, the data link layer in the OSI network model.

The first component of Layer 2 communication is the MAC address. Every network interface in an Ethernet network is assigned a MAC, or Medium Access Control, address at the time the device is manufactured. The MAC address uniquely identifies every interface connected to an Ethernet network. Every Ethernet card manufactured has a unique address so that cards from any vendor can be interconnected on an Ethernet-based network without any concern about address conflicts.

MAC addresses are used by network equipment such as switches to forward frames to the specific port on which the destination machine resides. This MAC address–based forwarding eliminates the need to broadcast every frame out of all ports, as a hub does.
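As an added illustration of how a defender can put these Layer 2 facts to work (example code written for this page, not from the original article), the script below decodes raw Ethernet/ARP frames and flags any IP address whose claimed MAC changes, the basic symptom of ARP spoofing. The MAC and IP addresses are constructed sample values, and it assumes the capture starts before any spoofing so the first binding seen is the genuine one.

```python
import struct

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a raw Ethernet+ARP reply frame (constructed test input, not captured traffic)."""
    spa, tpa = (bytes(int(o) for o in ip.split(".")) for ip in (sender_ip, target_ip))
    eth = ETH_HDR.pack(mac_bytes(target_mac), mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = ARP_PKT.pack(1, 0x0800, 6, 4, ARP_REPLY, mac_bytes(sender_mac), spa, mac_bytes(target_mac), tpa)
    return eth + arp

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip) for an ARP frame, or None for anything else."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        return None
    _, _, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != ETHERTYPE_ARP:
        return None
    _, _, _, _, op, sha, spa, _, _ = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    return op, mac_str(sha), ".".join(str(o) for o in spa)

def detect_conflicts(frames):
    """Learn IP->MAC bindings from ARP traffic; return (ip, old_mac, new_mac) whenever an IP changes MAC."""
    table, alerts = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        if ip not in table:
            table[ip] = mac          # first claim is trusted (assumption: capture starts clean)
        elif table[ip] != mac:
            alerts.append((ip, table[ip], mac))
    return alerts

def sample_frames():
    """Constructed sample: the gateway 192.168.1.1 replies from its real MAC, then a second MAC claims it."""
    real, rogue, host = "00:11:22:33:44:55", "de:ad:be:ef:00:01", "aa:bb:cc:dd:ee:01"
    return [build_arp_reply(real, "192.168.1.1", host, "192.168.1.10"),
            build_arp_reply(rogue, "192.168.1.1", host, "192.168.1.10")]
```

Running `detect_conflicts(sample_frames())` reports the gateway's IP moving from the real MAC to the rogue one; on a live network the same logic would be fed frames from a raw socket or pcap and its alerts compared against a maintained list of known IP-to-MAC pairs.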