Article

Protecting Your Network from ARP Spoofing-Based Attacks

Authors:
To read the full-text of this research, you can request a copy directly from the author.

Abstract

It's 4:45 on a Friday afternoon and you've got to finish that report for your team and make your 5:30 dinner reservation. You sit down at your desk and log onto the corporate Web e-mail system. You ensure that you are using an encrypted HTTP connection to the remote server because the report contains highly sensitive strategic information. When you connect to the e-mail Web server you get a strange error message, something about a mismatched SSL key. Whatever, IT must be messing around again, you think. You click "OK" and enter your username and password, log on to the system, and send your report, all in time to make your dinner reservation.

There's just one small problem: You've just been a victim of an ARP spoofing attack. Your username, password, and the report you sent were all intercepted by a hacker. "But I was using an encrypted and secure connection!" you protest. "My network is all switched, so you can't watch any of my traffic!" you insist. These are just some of the assumptions that make ARP spoofing attacks so highly effective.

Understanding MAC and ARP

In order to understand how you can protect yourself from ARP spoofing–based attacks, you must understand some fundamentals about how systems on Ethernet-based networks communicate. The level of interconnection where ARP spoofing attacks occur is known as Layer 2, or the data link layer in the OSI network model.

The first component of Layer 2 communication is the MAC address. Every network interface in an Ethernet network is assigned a MAC, or Medium Access Control address, at the time the device is manufactured. The MAC address is used to uniquely identify every interface connected to an Ethernet network. Every Ethernet card manufactured has a unique address so that cards from any vendor can be interconnected on an Ethernet-based network without having to worry about address conflicts. MAC addresses are used by network equipment such as switches to route information to the correct port on which a destination machine resides. This MAC address–based routing eliminates the need to broadcast traffic on all ports, as a hub does.


... Then, using this poisoning, different modes of attack such as Sniffing (Man in The Middle (MiTM) attack, MAC Flooding Attack), Denial of Service, Session Hijacking, etc. can be generated [5, 10, 14]. Such poisoning can be furnished in the following ways [7, 8]: Unsolicited Response: If a host receives an ARP reply packet from some other host, it will update its ARP Cache without checking the validity of the ARP reply; that means the receiving host will not check whether that ARP reply is generated for an ARP request. So an attacker has to send out an ARP reply packet with false mapping information to one/any number of hosts that the attacker wants to victimize by poisoning the ARP Cache. ...
... ARPwatch can't be trusted if it is implemented in a DHCP enabled network as it'll generate many false alarms. Mahesh V. Tripunitara and Partha Dutta in [7] have proposed a solution to detect and prevent ARP cache poisoning. According to their solution, when any host receives an ARP reply, it will be checked if that reply is for any outstanding ARP request. If not, the frame will be dropped. ...
... Our solution can also be implemented in a DHCP enabled network, unlike ARPwatch. Again, unlike the solution stated in [7], no kernel level modification is necessary as our solution just checks the local cache, not the ARP packet. The limitation of our solution is that from time to time it will create some extra traffic for the verification purpose in the network. ...
Conference Paper
Full-text available
The ARP cache poisoning based attack has been one of the most successful attack methods for years inside a LAN. There are a few solutions to detect and sometimes prevent an ARP based attack, but they have some restrictions. In this paper we present a novel way to detect ARP cache poisoning inside a LAN. We propose a middleware and synchronous solution that has to be implemented in a distributed approach. Our solution requires no access or change to any Operating System code, but needs to be activated in a timely manner, and more than one host inside a LAN will be utilized to detect ARP cache poisoning based attacks.
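The check described in the excerpts above (accept an ARP reply only if it answers an outstanding ARP request, otherwise drop the frame) can be sketched as a small monitor over raw frames. This is an added example, not code from the article or from the cited papers; the function names, addresses and frame bytes are constructed for illustration, and the mapping-change alert goes beyond what the excerpts describe.

```python
import struct
ARP_REQUEST, ARP_REPLY = 1, 2

def build_frame(op, sha, spa, tha, tpa):
    """Constructed test input: Ethernet II + ARP frame as raw bytes."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    dst = b"\xff" * 6 if op == ARP_REQUEST else mac(tha)
    eth = dst + mac(sha) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    spa, tpa = (".".join(map(str, frame[i:i + 4])) for i in (28, 38))
    return op, frame[22:28].hex(":"), spa, tpa

def check_frames(frames):
    """Drop replies that answer no outstanding request; flag changed mappings."""
    outstanding, cache, alerts = set(), {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, sha, spa, tpa = parsed
        if op == ARP_REQUEST:
            outstanding.add((spa, tpa))      # spa asked "who has tpa?"
        elif op == ARP_REPLY:
            if (tpa, spa) not in outstanding:
                alerts.append(("unsolicited", spa, sha))
                continue                     # dropped: cache is not updated
            outstanding.discard((tpa, spa))
            if cache.get(spa, sha) != sha:
                alerts.append(("mapping-changed", spa, sha))
            cache[spa] = sha
    return alerts, cache

# Constructed sample: one request, its genuine reply, then an unrequested reply.
SAMPLE = [
    build_frame(ARP_REQUEST, "aa:aa:aa:aa:aa:01", "10.0.0.5", "00:00:00:00:00:00", "10.0.0.1"),
    build_frame(ARP_REPLY, "aa:aa:aa:aa:aa:fe", "10.0.0.1", "aa:aa:aa:aa:aa:01", "10.0.0.5"),
    build_frame(ARP_REPLY, "aa:aa:aa:aa:aa:66", "10.0.0.1", "aa:aa:aa:aa:aa:01", "10.0.0.5"),
]
```

Calling `check_frames(SAMPLE)` reports the third frame as unsolicited and leaves the cached mapping for 10.0.0.1 unchanged. A reply that arrives while a request is still outstanding passes the first check, which is why the example also records mapping changes.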
... A beneficial side-effect of MAT is the improved protection against ARP spoofing based attacks as detailed in [1]. In an Ethernet network, switching decisions are based upon data link layer addresses. ...
Article
Full-text available
Today, an increasing number of customers subscribe to a high bandwidth internet access. But not only speed is demanded. Reliability, availability, and security move more and more into the customers' focus. Carriers and Internet Service Providers, too, have increasing requirements derived from new services they want to offer to their customers or use themselves. A hardware solution is presented, which provides the functionality of MAC Address Translation and Traffic Management. This solution is highly flexible and can be adapted to the providers' needs. The module is implemented on a Field Programmable Gate Array (FPGA) and offers a wide range of functionality in an Access Network for relatively low costs. Additionally, the selection of an FPGA as implementation target offers the possibility to adapt the functionality to future needs by in-field reconfiguration.