Competitive Gamer Secret: ARP (Address Resolution Protocol)

27 Jun 2024

The primary function of the Address Resolution Protocol (ARP), defined in RFC 826, is to resolve, or map, Internet Protocol (IP) version 4 addresses to Media Access Control (MAC) addresses, enabling devices on the same Local Area Network (LAN) to discover each other and communicate at the data link layer (Layer 2) of the Open Systems Interconnection (OSI) model.

How ARP Works

  1. Finding a Device: When your device wants to talk to another device on the network but doesn’t know its MAC address, it sends out an ARP broadcast request. This request asks, “Who has this IP address?”

  2. Getting a Response: Every device on the network gets this request. The device with the matching IP address replies with its MAC address.

  3. Communication: Now, your device knows the MAC address of the device it wants to talk to and can send data directly to it.

In environments where devices frequently join and leave the network or change their IP addresses (e.g., dynamic IP addresses assigned by DHCP), permanently storing these IP/MAC pairings could lead to an invalid network state, potentially causing connectivity issues or delays.

Also, in the case of laptops that connect to multiple networks, you would need to manually set the IP/MAC pairings, so the magical (it just works) dynamic nature is mostly advantageous.

To speed up communication and avoid repeated ARP broadcasts, operating systems employ ARP caching, which stores the IP/MAC information temporarily, or in other words, gives it a lifetime.

Normally this lifetime is a few minutes; the value is configurable, although changing it requires some technical ability.

A low lifetime ensures that the ARP cache is regularly updated to reflect the current network state.

Also, with a low ARP cache lifetime, malicious ARP entries introduced by an attacker are removed more quickly, limiting the window of opportunity for attacks like ARP spoofing or poisoning. This increases the difficulty for attackers to disrupt your device communication.

It is worth noting that static ARP entries are immune to spoofing or poisoning, at the cost of manual intervention whenever an IP address changes or a Network Interface Card (NIC) is replaced (as the MAC will be different).
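A check for the conditions just described, as an added example that is not part of the original article: it parses Linux `ip neigh show` output and flags a gateway whose MAC differs from a pinned value, a gateway entry that is not static (`PERMANENT`), and one MAC answering for several IPs. The sample lines, addresses, MACs and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output (addresses and MACs are made up).
SAMPLE = """\
192.168.1.1 dev eth0 lladdr 02:00:00:aa:bb:01 REACHABLE
192.168.1.20 dev eth0 lladdr 02:00:00:aa:bb:14 STALE
192.168.1.30 dev eth0 lladdr 02:00:00:aa:bb:14 REACHABLE
192.168.1.40 dev eth0 FAILED
"""

LINE = re.compile(r"^(?P<ip>\S+) dev (?P<dev>\S+)"
                  r"(?: lladdr (?P<mac>[0-9a-fA-F:]{17}))?(?: router)? (?P<state>[A-Z]+)$")

def parse_neigh(text):
    """Return dicts (ip, dev, mac, state); mac is None for unresolved entries."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["mac"] = e["mac"].lower() if e["mac"] else None
            entries.append(e)
    return entries

def audit(entries, gateway_ip, pinned_mac):
    # pinned_mac is an assumption: the gateway MAC you recorded on a trusted network.
    findings = []
    by_mac = defaultdict(list)
    gw = None
    for e in entries:
        if e["mac"]:
            by_mac[e["mac"]].append(e["ip"])
        if e["ip"] == gateway_ip:
            gw = e
    if gw is None or gw["mac"] is None:
        findings.append(f"gateway {gateway_ip}: no resolved entry")
    else:
        if gw["mac"] != pinned_mac.lower():
            findings.append(f"gateway {gateway_ip}: MAC {gw['mac']} != pinned {pinned_mac.lower()}")
        if gw["state"] != "PERMANENT":
            findings.append(f"gateway {gateway_ip}: entry is {gw['state']}, not static")
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:  # can be legitimate (multi-homed host), but worth a look
            findings.append(f"MAC {mac} claims several IPs: {', '.join(ips)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_neigh(SAMPLE), "192.168.1.1", "02:00:00:aa:bb:01")))
```

On the constructed sample the gateway MAC matches the pin, so the two findings are the dynamic gateway entry and the MAC shared by two hosts.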

When you are competing, you won’t be changing your NIC, and the network state is not expected to change either (unless a new gamer joins and your machine speaks to theirs directly), so it’s advantageous to use static ARP entries to speed up communication and reduce network traffic.

Also, ensuring that anyone on the same subnet as you isn’t able to poison your ARP cache for competitive advantage is healthy and, allow me to say it: smart!

What the criminal could do (it is a criminal offense) is poison your ARP cache so that some communication is sent not to the right device but to a non-existent one; you would probably perceive it as latency (the time it takes for data to travel from one point to another in a network) or some other problem, giving them an advantage.

I won’t share how to disrupt your adversaries and not be easily caught any further than what I already did. So, don’t even ask me, as we won’t be friends.

Just know that without the need to regularly verify the IP and MAC address of the router, access point, or switch your competitive device is connected to, you’ll be able to squeeze a few milliseconds every couple of minutes while maintaining a stronger security posture.

And to go a step further: if your operating system firewall blocks all other ARP traffic, along with any other traffic that isn’t required, from reaching your competitive machine, you may just dodge any network mishaps or less ethical adversaries (in fact criminals; it’s not fun, it’s a crime).

How to Speed Up and Protect Your Device?

  1. You need to know the MAC/IP address pairing of the router, switch, and access point that your device is connected to;

  2. You need to set a static ARP entry for it;

  3. You need to enforce robust firewall rules that will allow you to focus all traffic on the task at hand.

How to do the above?

Well, first, I hope you appreciate and enjoy that I’ve already shared a secret (give the article some love in exchange, will you?), so don’t expect me to share everything, as perhaps one day we may compete against each other.

And unless system tuning is against the rules, I intended to make use of it. Besides, I’m quite sure you can figure it out… if you are a seriously competitive person.

If all of the above is a bit above your head and you are worried you may become a victim of a criminal during competition, enquire with the organizer of the games if they will have dynamic ARP inspection devices to protect the players. If they do not, point them to this article.