On investigating ARP spoofing security solutions Online publication date: Fri, 09-Apr-2010
by Zouheir Trabelsi, Wassim El-Hajj
International Journal of Internet Protocol Technology (IJIPT), Vol. 5, No. 1/2, 2010
Abstract: The address resolution protocol (ARP) has proven to work well under regular circumstances, but it was not designed to cope with malicious hosts. By performing ARP spoofing attacks, a malicious host can either impersonate another host [man-in-the-middle attack (MiM) ] and gain access to sensitive information, or perform denial of service attack (DoS) on target hosts. Several security solutions, such as high-cost LAN switches and intrusion detection or prevention systems (IDS/IPS), are currently used to detect and prevent these attacks. In this paper, we evaluate, through extensive practical experiments, how effective these security solutions are in detecting ARP spoofing. We clearly show that ARP spoofing has not been given enough attention by most common security solutions which lack efficient detection and prevention mechanisms. We then propose an optimal algorithm that is capable of detecting all various ARP spoofing attacks; especially those not detected using the current mechanisms. The suggested algorithm can be easily integrated in any available security solution with very minimal overhead.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Internet Protocol Technology (IJIPT):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com