Address Resolution Protocol was developed to create a standard for translating IP addresses to physical addresses. ARP takes (IP, Protocol) as input and converts to physical address. ARP can be easily spoofed because it lacks security. The inventors of ARP thought that internal to the network threats were minimum, and ARP had to be simple for its efficient and dynamic working. A machine in the network, which can work at the data link layer, can be easily spoofed because of the vulnerability in ARP protocol, leading to a man-in-the-middle attack. Securing ARP is not an easy task because state information should be preserved for authentication of ARP frames. However, the protocol is stateless, and making changes to the ARP protocol itself is not practical since the protocol is currently being widely used. Our objective in this paper is to provide a solution to detect and mitigate ARP spoofing attacks without any changes to the protocol itself. The proposed system provides improvement to an existing solution using ICMP to detect ARP spoofing.
展开▼
