- Can be discovered by monitoring the ARP table
- you can use a tool named xARP to help you do this automatically
- There is no proper way to protect against APR spoofing
- the weakness is in ARP itself
- Use HTTPS everywere to ensure your data is encrypted and cannot be modified or read
- HTTPS everywhere is a browser plugin that will force you to use HTTPS and sslstrip will not work against these sites