Title: A framework to mitigate ARP sniffing attacks by cache poisoning
Authors: B. Prabadevi; N. Jeyanthi
Addresses: School of Information Technology and Engineering, VIT University, Vellore, India ' School of Information Technology and Engineering, VIT University, Vellore, India
Abstract: Today in the digital era of computing, most of the network attacks are caused by sniffing the sensitive data over the network. Among various types of sniffing attacks, ARP sniffing causes most of the LAN attacks (wired and wireless LAN coexist). ARP sniffing causes poisoning of ARP cache or spoofing. Through ARP sniffing, the attacker tries to know the (IP, MAC) pair of victim's system available in ARP table or ARP request-reply packet passed over the network and either exploits victim's resources or creates a situation to deny victim's services for its legitimate users. This in-turn causes MITM, DoS or DDoS attacks. The major cause for these attacks is lack of effective authentication mechanisms with ARP or RARP protocols used for address resolution. This paper provides the working principle of ARP protocol and a method to mitigate the attacks caused by ARP cache poisoning. The proposed framework compares the IP-MAC pair in the ARP and Ethernet headers and if any fake entry is suspected, the information is updated in the fake list and a message is sent to the gateway or router to alert it from cache poisoning attacks.
Keywords: ARP cache poisoning; address resolution; man-in-the-middle attacks; host impersonation; mitigation; ARP sniffing attacks; DDoS attacks.
International Journal of Advanced Intelligence Paradigms, 2018 Vol.10 No.1/2, pp.146 - 159
Received: 28 Mar 2016
Accepted: 02 Jul 2016
Published online: 29 Jan 2018 *