As discussed, ARP can be a vulnerable target. In addition to the attacks listed, there are others as well. The network administrator should be aware of methods to detect as well as defend against these types of attacks. Some possible defensive strategies, so you do not fall victim to an ARP attack, include the following:

• Intrusion Detection/Intrusion Prevention Systems (IDS/IPS): Tune devices to monitor for abnormal ARP activity such as ARP storms, which generally have specific signatures. The device should send an alert if unsolicited replies are detected.
• Static ARP entries: Hardcode address mappings to prevent spoofing. Although an option, this isn't the best method as it doesn't scale well with large networks.
• Firewalls: Use an access-control list with packet filtering to ensure only authorized traffic is on the network segment.
• Anti-ARP software: This software monitors for spoofing, which can present itself as two IP addresses having the same MAC address, as well as other methods, to detect malicious ARP behavior.

• Secure Neighbor Discovery (SEND): On an IPv6 network, it is possible to use the SEND protocol. This is an extension of the NDP that provides authentication by using cryptographic techniques and reduces the ability to successfully launch an ARP spoofing attack on a LAN.