A centralized detection and prevention technique against ARP poisoning

The Man-in-the-Middle (MITM) attack on ARP is presently a common attack and nuisance to the typical LAN environment. This type of MITM is brought to effect by ARP cache poisoning which is achieved using forged ARP packets. ARP poisoning is a mechanism in which a node poisons ARP cache table of another node forcing it to send packets to a destination other than the intended one. This paper presents a feasible solution to the ARP cache poisoning, removing inconsistencies from all ARP tables of all hosts in the network. This paper uses a centralized system and ARP Central Server (ACS) to manage ARP table entries in all hosts. All hosts in the network uses the ACS to validate their ARP table entries. The ACS validates and corrects the poisoned ARP entries of the attacked hosts and hence prevents ARP poisoning in the network.

[1]  Franco Callegati,et al.  Man-in-the-Middle Attack to the HTTPS Protocol , 2009, IEEE Security & Privacy Magazine.

[2]  Danilo Bruschi,et al.  S-ARP: a secure address resolution protocol , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[3]  T. Chomsiri Sniffing Packets on LAN without ARP Spoofing , 2008, 2008 Third International Conference on Convergence and Hybrid Information Technology.

[4]  Shefalika Ghosh Samaddar,et al.  Different flavours of Man-In-The-Middle attack, consequences and feasible solutions , 2010 .

[5]  Dongwon Kim,et al.  Enhanced ARP: preventing ARP poisoning-based man-in-the-middle attacks , 2010, IEEE Communications Letters.

[6]  Bojan Zdrnja Malicious JavaScript Insertion through ARP Poisoning Attacks , 2009, IEEE Security & Privacy.

[7]  Patrick D. McDaniel,et al.  TARP: ticket-based address resolution protocol , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[8]  B. Issac,et al.  Secure unicast address resolution protocol (S-UARP) by extending DHCP , 2005, 2005 13th IEEE International Conference on Networks Jointly held with the 2005 IEEE 7th Malaysia International Conf on Communic.

[9]  Zhiping Jiang,et al.  The detection and prevention for ARP Spoofing based on Snort , 2010, 2010 International Conference on Computer Application and System Modeling (ICCASM 2010).