An efficient and feasible solution to ARP Spoof problem

Puangpronpitag, Somnuk; Masusai, Narongrit

doi:10.1109/ecticon.2009.5137193

Cited by 24 publications

(14 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Dynamic ARP spoof Protection System (DAPS) is a software solution to ARP spoofing attack, which uses a valid static ARP as a vaccine to protect against the spoofed IP address. DAPS comprises of four major components: Server Protection (SP) , Gateway Protection (GP) , Client Protection (CP) , and Surveillance Server (SS) .…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Modeling and performance analysis of a new secure address resolution protocol

Younes

2017

Int J Communication

View full text Add to dashboard Cite

SummaryAddress Resolution Protocol (ARP) is an essential protocol for the operation of local area networks. It is used for mapping the logical address to the physical address. However, ARP was designed without any security features. Therefore, ARP is vulnerable to many ARP spoofing attacks, such as the host impersonation, man-in-the-middle (MITM), and denial of service (DoS) attacks. Many techniques were introduced in the literature for mitigating ARP spoofing attack. However, they could not provide protection against the host impersonation and DoS attacks. This work introduces a new technique to secure address resolution protocol called ARP Authentication (ARP-A). The proposed technique provides authentication for ARP messages and entities. In addition, it converts ARP from a stateless to a stateful protocol. To evaluate the performance of ARP-A, it was implemented on Linux. To investigate the scalability of ARP-A, a new analytical model was designed for it using stochastic reward nets. The results show that, compared with other related schemes introduced in the literature, ARP-A is more efficient in terms of security and performance. ARP is a stateless protocol 2 because it does not store the state of the ARP requests. It processes an ARP Reply message whether or not it sent an ARP Request. Due to its stateless property and lack of integrity and authenticity, ARP has some serious inherent security vulnerabilities. The ARP spoofing attack 3 can be performed by transmitting a spoofed ARP Request or Reply in the network. In this attack, the attacker associates his MAC address with the IP address of the victim. So, the traffic destined to the IP address of the victim will instead be forwarded to the attacker. The ARP spoofing attack is a serious security problem that threats LANs. 4 It is usually used to perform other types of LAN attacks, such as the man-in-the-middle (MITM), 5 denial of service (DoS), 6 and host impersonation attacks. 4

show abstract

Section: Related Workmentioning

confidence: 99%

“…6 These techniques can be classified into 2 categories: cryptographic techniques 7-10 and non-cryptographic techniques. [11][12][13][14][15][16][17][18][19][20][21] However, most of these techniques have many limitations. Although non-cryptographic techniques can detect ARP attacks, they cannot prevent them.…”

mentioning

confidence: 99%

Modeling and performance analysis of a new secure address resolution protocol

Younes

2017

Int J Communication

View full text Add to dashboard Cite

show abstract

“…Using static ARP entries is the simplest mechanism to protect the ARP poisoning. Somnuk Puangpronpitag and Narongrit Masusai [3] have proposed a mechanism for ARP spoofing detection and prevention using static IP-MAC pair entries of every host on the network. However, this solution is not feasible for organizations having large LAN segment.…”

Section: Related Workmentioning

confidence: 99%

An ICMP based secondary cache approach for the detection and prevention of ARP poisoning

Tripathi

Mehtre

2013

2013 IEEE International Conference on Computational Intelligence and Computing Research

View full text Add to dashboard Cite

Address Resolution Protocol (ARP) poisoning is one of the most basic technique employed in computer hacking. ARP poisoning is used when a host is used to poison ARP cache of another host in order to send packets to some other destination than the intended one. This paper presents a feasible technique to detect and prevent the ARP poisoning by removing the multiple entries for the same MAC address or IP address from the ARP table using a secondary cache. This secondary cache contains the entries according to Internet Control Message Protocol (ICMP) responses. Since this technique prevents multiple entries for same IP address or MAC address, it also mitigates IP exhaustion problem. The secondary cache is maintained at every host which makes this technique distributed in nature, thereby prevents it from single point failure. Experimental results are also provided to support the proposal.

show abstract

“…The DAPS (Dynamic ARP spoof Protection System) technique suggested in [8] is a solution to ARP spoofing that snoops DHCP packets and use them as vaccines. Yet this technique doesn't scale well for those network that use static IP addressing scheme and also vaccines will be invalid if DHCP starvation attack occurs.…”

Section: Related Workmentioning

confidence: 99%

“…ARP spoofing can be used to launch one of two different attack categories [7]: Denial of Service (DoS) attacks or Man in the Middle (MITM) attacks Several solutions have been proposed to mitigate the ARP spoofing, but each has its limitations [7]. The solutions have been classified into five different categories [8]:…”

Section: Introductionmentioning

confidence: 99%

An Automated approach for Preventing ARP Spoofing Attack using Static ARP Entries

AbdelSalam¹,

Elkilani²,

Amin³

2014

IJACSA

View full text Add to dashboard Cite

Abstract-ARP spoofing is the most dangerous attack that threats LANs, this attack comes from the way the ARP protocol works, since it is a stateless protocol. The ARP spoofing attack may be used to launch either denial of service (DoS) attacks or Man in the middle (MITM) attacks. Using static ARP entries is considered the most effective way to prevent ARP spoofing. Yet, ARP spoofing mitigation methods depending on static ARP have major drawbacks. In this paper, we propose a scalable technique to prevent ARP spoofing attacks, which automatically configures static ARP entries. Every host in the local network will have a protected non-spoofed ARP cache. The technique operates in both static and DHCP based addressing schemes, and Scalability of the technique allows protecting of a large number of users without any overhead on the administrator. Performance study of the technique has been conducted using a real network. The measurement results have shown that the client needs no more than one millisecond to register itself for a protected ARP cache. The results also shown that the server can a block any attacker in just few microsecond under heavy traffic.

show abstract

An efficient and feasible solution to ARP Spoof problem

Cited by 24 publications

References 2 publications

Modeling and performance analysis of a new secure address resolution protocol

Modeling and performance analysis of a new secure address resolution protocol

An ICMP based secondary cache approach for the detection and prevention of ARP poisoning

An Automated approach for Preventing ARP Spoofing Attack using Static ARP Entries

Contact Info

Product

Resources

About