On-path Attacks

It only affects devices on different subnets.

It is easily detectable by the victim devices.

The attacker can watch and potentially modify traffic between two devices.

It primarily targets the physical layer of the network.

It requires advanced encryption techniques.

ARP includes robust security and authentication features.

It only works on wide area networks (WANs).

ARP lacks built-in security or encryption.

The victim's ARP cache is cleared.

The victim's ARP cache remains unchanged.

The victim's ARP cache is updated with the attacker's MAC address for the target IP.

The victim's ARP cache is encrypted.

It only works on unencrypted traffic.

It requires physical access to the victim's computer.

It allows the attacker to see encrypted traffic in the clear.

Victims are immediately alerted to the attack.