Since the Modbus RTU wired communication protocol of Siemens variable frequency motors is unstable and lacks a protection mechanism, there is a risk of user information leakage. Aiming at the problems of insufficient flexibility of traditional defense methods and poor defense effects, The present work proposed a new dual detection method based on MODBUS RTU, which combines the dual monitoring mechanism of "Address Resolution Protocol (ARP) request detection" and "ARP response detection". In order to improve detection efficiency, two real-time updated linear tables are introduced, which can effectively deal with the three ARP spoofing methods of updating the ARP buffer. Based on the analysis of the hidden dangers of the Modbus RTU wired communication protocol, a wired connection between the S7-1200 PLC and the variable frequency motor was established, and a real experimental platform was constructed to demonstrate the attack. The intensity of ARP attacks has gradually increased over time. Through comparative experiments with traditional defense methods, it is proved that the algorithm enhances the protocol mechanism in principle, and is more flexible and reliable than traditional methods.