UNIDES: An Efficient Real-Time System to Detect and Block Unauthorized Internet Access

Uzunay, Yusuf; Biçakcı, Kemal

doi:10.1109/icpads.2005.286

Cited by 1 publication

(1 citation statement)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This problem has been addressed in numerous studies, and most switch products are supported by defense mechanisms . The UNIDES system employs a proxy server (a centralized system) to counter ARP table and MAC and IP address spoofing attacks but did not address MTO vulnerability attacks (by using MAC address and ports). Other attack methods employ numerous random IP addresses to deliver packets and flood a server.…”

Section: Related Studiesmentioning

confidence: 99%

Enhancing the performance and security against media‐access‐control table overflow vulnerability attacks

Tzang

Chang

Tzang

2014

Security Comm Networks

View full text Add to dashboard Cite

A media‐access‐control (MAC) table of switches is used to store the MAC addresses of stations in a local area network (LAN) segment to enable frame forwarding. Each incoming frame is broadcast to all switch ports through a switch backplane when an MAC address is not registered in the MAC table. If an address is registered, the switch forwards the frame to the port connected to the destination host. An MAC table overflow (MTO) vulnerability attack causes the MAC table of all switches to overflow in an LAN segment, and all incoming frames are broadcast to every port in the switch. The attack degrades switch‐based LANs (each port of a switch comprises an individual operating domain and switch bandwidth) to bus‐based LANs (all ports are bounded to one operating domain and share a bandwidth similarly to a hub), causing information leakages and reducing the effective bandwidth; a virtual LAN configuration can reduce but not eliminate the associated damage. This paper presents the security effect of an MTO vulnerability attack, and a novel per‐port‐based MAC table design is proposed to solve this type of vulnerability. The experimental results indicate that the mechanism of the proposed design eliminates the damage caused by such attacks. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Section: Related Studiesmentioning

confidence: 99%