Is it possible to enable ARP spoofing in Azure virtual networks?

David Formby 20 Reputation points
2024-02-01T20:27:54.7+00:00

I am interested in hosting penetration testing labs in Azure and would like to be able to use ARP spoofing. I understand that it is not possible to do ARP spoofing in most cloud providers, like AWS (https://medium.com/cloud-security/why-one-of-your-favorite-pen-testing-techniques-doesnt-work-on-aws-4974d9294e65) I've searched around the documentation and the configurations in the Azure portal, but I don't see any way of controlling it. I'm guessing the answer is probably no, but does anyone know if it is possible to enable ARP spoofing inside of an Azure virtual network?

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,036 questions
{count} votes

Accepted answer
  1. Priya Kumar 1,091 Reputation points Microsoft Employee
    2024-02-02T06:02:55.89+00:00

    Hello David,

    Thanks for reaching to Azure Q and A platform.

    The answer to the above query like other cloud providers is likely to be NO. Because of the following reasons.

    1. ARP in azure is a Software Defined Networking. It has its own consideration compared to the Traditional LAN.
    2. ARP request would need to push to every single TOR and every Node in the datacenter.
    3. The agents running on the node, would recognize the destination MAC and pulls the ARP request to see if that IP is part of the VNET.
    4. I do believe that any Spoofing of the ARP or the MAC spoofing is not recommended to perform for this flow.

    Could you please explain us more on why you need ARP spoofing? So that we could suggest any alternative security feature in Azure.

    Regards, Priya Kumar


0 additional answers

Sort by: Most helpful