Advertisement

A Client/Server Based Mechanism to Prevent ARP Spoofing Attacks

  • Haider Salim
  • Zhitang Li
  • Hao Tu
  • Zhengbiao Guo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7332)

Abstract

Address Resolution Protocol (ARP) is the network part that is responsible for identifying a Media Access Control (MAC) address of each other, through mapping an IP address to the corresponding MAC address. Unfortunately, ARP is a stateless protocol, the weakness in ARP effects directly on the security standards of the network and especially in Ethernet. In this paper, we propose a new architecture; named a CSIDS Client/Server based Intrusion Detection System designed to detection and defense against ARP spoofing attacks. The main idea behind this approach is to implement a real-time analyzing for received ARP packets and in case of detection a suspicious ARP packet a resolution message will be exchanged between system parts on the same network. This system is resilience by making at most two objects (client/server) to work efficiently; on the other hand, just one client is capable of defending on himself.

Keywords

ARP Cash Poisoning Man-In-The-Middle attack Network Security 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Plummer: An Ethernet address resolution protocol. RFC 826 (1982)Google Scholar
  2. 2.
    Behrouz: TCP/IP Protocol Suite, ch. 8. McGraw-Hill, New York (2010)Google Scholar
  3. 3.
    ISL GmbH, ARP-Guard, http://www.arp-guard.com
  4. 4.
    founder, Roesch: Network Intrusion Detection and Prevention System (IDS/IPS), http://www.snort.org
  5. 5.
    Hou, X., Jiang, Z., Tian, X.: The detection and prevention for ARP Spoofing based on Snort. In: IEEE Int. Conf. Computer Application and System Modeling, pp. V5-137–V5-139 (2010)Google Scholar
  6. 6.
    Gouda, M.G., Huang, C.-T.: A secure address resolution protocol. The International Journal of Computer and Telecommunications Networking 41(1), 57–71 (2003)zbMATHGoogle Scholar
  7. 7.
    Bruschi, D., Ornaghi, A., Rosti, E.: S-ARP: a secure address resolution protocol. In: 19th IEEE Annual Computer Security Applications Conference, pp. 66–74 (2003)Google Scholar
  8. 8.
    Tripunitara, M.V., Dutta, P.: A middleware approach to asynchronous and backward compatible detection and prevention of ARP cache poisoning. In: 15th IEEE Annual Computer Security Applications Conference, pp. 303–309 (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Haider Salim
    • 1
  • Zhitang Li
    • 1
  • Hao Tu
    • 1
  • Zhengbiao Guo
    • 1
  1. 1.Computer Science and Technology, Network CenterHuazhong University of Science and TechnologyWuhanChina

Personalised recommendations