With the increase in the number of hosts on the Internet, there is also a rise in the demand for IP address space. To address this issue, IP version 6 (IPv6) succeeded IPv4. Compared to the 32-bit IP address space in IPv4, an IP address in IPv6 is composed of 128 bits. In IPv4, when a host wants to communicate with another host in a LAN, it needs to know the MAC address of the target host, which it obtains through the Address Resolution Protocol (ARP). Because ARP is stateless and ARP messages lack authorization, many attacks such as request spoofing, response spoofing, Man-in-the-Middle (MiTM), and Denial-of-Service (DoS) are possible. IPv6 uses the Neighbor Discovery Protocol (NDP) to find the MAC address. NDP is also stateless and lacks authentication of its messages by default, so NDP also suffers from many attacks similar to those on ARP. Although various attack detection and prevention mechanisms are available for ARP attacks, they are not yet implemented for NDP (IPv6). In this paper we propose an attack detection mechanism for neighbor solicitation spoofing and neighbor advertisement spoofing.
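To make the consequence of unauthenticated NDP concrete, the following added example (not code from the paper, and not the mechanism the paper proposes) shows a generic passive check that parses Neighbor Advertisement messages and flags a change in an address-to-MAC binding. The names `parse_na`, `build_na` and `BindingMonitor` and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct

NA_TYPE = 136   # ICMPv6 Neighbor Advertisement (RFC 4861)
OPT_TLLA = 2    # Target Link-Layer Address option


def parse_na(icmp6: bytes):
    """Return (target_ip, mac) from an ICMPv6 NA message, or None if unusable."""
    if len(icmp6) < 24 or icmp6[0] != NA_TYPE or icmp6[1] != 0:
        return None
    target = ipaddress.IPv6Address(icmp6[8:24])  # after type, code, checksum, flags
    pos = 24
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8  # length is in 8-octet units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            return None  # malformed option: the message must be discarded
        if opt_type == OPT_TLLA and opt_len == 8:
            return target, icmp6[pos + 2:pos + 8].hex(":")
        pos += opt_len
    return None  # NA without a link-layer address carries no binding


class BindingMonitor:
    """Remembers the first MAC seen for each IPv6 target and reports conflicts."""

    def __init__(self):
        self.bindings = {}

    def observe(self, icmp6: bytes):
        parsed = parse_na(icmp6)
        if parsed is None:
            return None
        target, mac = parsed
        known = self.bindings.setdefault(target, mac)
        if known != mac:
            return f"{target} changed from {known} to {mac}"
        return None


def build_na(target: str, mac: str, flags: int = 0x60000000) -> bytes:
    """Constructed sample NA for offline testing (checksum left as zero)."""
    head = struct.pack("!BBHI", NA_TYPE, 0, 0, flags)
    addr = ipaddress.IPv6Address(target).packed
    return head + addr + bytes([OPT_TLLA, 1]) + bytes.fromhex(mac.replace(":", ""))
```

A binding change is only a signal to investigate, since legitimate events such as an interface replacement or a failover also change the advertised MAC address.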