An ARP cache1 is a collection of Address Resolution Protocol entries (mostly dynamic), that are created when an IP address is resolved to a MAC address (so the computer can effectively communicate with the IP address).2 The term can be used interchangeably with ARP table, although the latter is sometimes a distinct statically configured table.34
An ARP cache has the disadvantage of potentially being used by hackers and cyberattackers (an ARP cache poisoning attack). An ARP cache helps the attackers hide behind a fake IP address.1 Beyond the fact that ARP caches may help attackers, it may also prevent the attacks by "distinguish[ing] between low level IP and IP based vulnerabilities".5
References
References
- Moon, Daesung; Lee, Jae Dong; Jeong, Young-Sik; Park, Jong Hyuk (2016-05-01). "RTNSS: a routing trace-based network security system for preventing ARP spoofing attacks". The Journal of Supercomputing. 72 (5): 1740–1756. doi:10.1007/s11227-014-1353-0. ISSN 0920-8542. S2CID 255069126.
- "Quick Tips: Flush the ARP cache in Windows 7 - TechRepublic". TechRepublic. 12 May 2011. Retrieved 2017-07-14.
- "What Is Address Resolution Protocol (ARP)?". Fortinet.
The ARP cache is dynamic, but users on a network can also configure a static ARP table containing IP addresses and MAC addresses.
- "How ARP works". Aruba Networks.
A static entry enters the ARP cache from the static ARP table (which is a separate table)...
- Daniels, Thomas E.; Spafford, Eugene H. (1999-01-01). "Identification of host audit data to detect attacks on low-level IP vulnerabilities". Journal of Computer Security. 7 (1): 3–35. CiteSeerX 10.1.1.26.5458. doi:10.3233/jcs-1999-7102. ISSN 0926-227X.