Proceedings of the 2003 ACM workshop on Rapid malcode
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
A Semi-Autonomic Framework for Intrusion Tolerance in Heterogeneous Networks
IWSOS '08 Proceedings of the 3rd International Workshop on Self-Organizing Systems
Hi-index | 0.00 |
There are a large number of large-scale Ethernet-based local and metropolitan area networks in use. A significant reason for this prolific deployment is the relatively simple manner in which they can be configured and deployed. A critical service on these networks, that epitomises the simple nature of Ethernet, is the Address Resolution Protocol (ARP). This protocol is used to determine the link-layer address of a host given its network-layer identifier, and uses the intrinsic broadcast capability of Ethernet to determine these mappings. In this paper, we present an analysis of ARP behaviour on three sizable local area networks and show that due to poorly configured or malicious software (e.g. viruses) on hosts, performance issues could arise because of ARP. We also propose a scheme that can be used to manage the effect of the problems identified in our analysis.