TCP/IP illustrated (vol. 1): the protocols
TCP/IP illustrated (vol. 1): the protocols
S-ARP: a Secure Address Resolution Protocol
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Research of the ARP spoofing principle and a defensive algorithm
WSEAS TRANSACTIONS on COMMUNICATIONS
Research of the ARP spoofing principle and a defensive algorithm
WSEAS TRANSACTIONS on COMMUNICATIONS
An active intrusion detection system for LAN specific attacks
AST/UCMA/ISA/ACN'10 Proceedings of the 2010 international conference on Advances in computer science and information technology
Detection of neighbor solicitation and advertisement spoofing in IPv6 neighbor discovery protocol
Proceedings of the 4th international conference on Security of information and networks
| Hi-index | 0.00 |
The Address Resolution Protocol (ARP) due to its statelessness and lack of an authentication mechanism for verifying the identity of the sender has a long history of being prone to spoofing attacks. ARP spoofing is sometimes the starting point for more sophisticated LAN attacks like denial of service, man in the middle and session hijacking. The current methods of detection use a passive approach, monitoring the ARP traffic and looking for inconsistencies in the Ethernet to IP address mapping. The main drawback of the passive approach is the time lag between learning and detecting spoofing. This sometimes leads to the attack being discovered long after it has been orchestrated. In this paper, we present an active technique to detect ARP spoofing. We inject ARP request and TCP SYN packets into the network to probe for inconsistencies. This technique is faster, intelligent, scalable and more reliable in detecting attacks than the passive methods. It can also additionally detect the real mapping of MAC to IP addresses to a fair degree of accuracy in the event of an actual attack.