Discusses the Address Resolution Protocol (ARP) and the problem of ARP cache poisoning. ARP cache poisoning is the malicious act, by a host in a LAN, of introducing a spurious IP address to MAC (Ethernet) address mapping in another host's ARP cache. We discuss design constraints for a solution: the solution needs to be implemented in middleware, without any access or change to any operating system source code, it needs to be backward-compatible with the existing protocol and to be asynchronous. We present our solution and implementation aspects of it in a Streams-based networking subsystem. Our solution comprises two parts: a "bump in the stack" Streams module, and a separate Stream with a driver and user-level application. We also present the algorithm that is executed in the module and application to prevent ARP cache poisoning where possible, and to detect and raise alarms otherwise. We then discuss some limitations with our approach and present some preliminary performance figures for our implementation.
[1]
Stephen A. Rago,et al.
UNIX system V network programming
,
1993,
Addison-Wesley professional computing series.
[2]
Smoot Carl-Mitchell,et al.
Using ARP to implement transparent subnet gateways
,
1987,
RFC.
[3]
Ralph E. Droms,et al.
Dynamic Host Configuration Protocol
,
1993,
RFC.
[4]
Mostafa H. Ammar,et al.
Protocol portability through module encapsulation
,
1996,
Proceedings of 1996 International Conference on Network Protocols (ICNP-96).
[5]
W. Richard Stevens,et al.
TCP/IP Illustrated, Volume 1: The Protocols
,
1994
.
[6]
Jon Postel,et al.
Internet Protocol
,
1981,
RFC.
[7]
David C. Plummer,et al.
Ethernet Address Resolution Protocol: Or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware
,
1982,
RFC.