Journal articles on the topic 'Arp cache poisoning'

<em>Address Resolution Protocol (ARP) poisoning is a key vulnerability exploited in advanced LAN attacks, such as Denial- of-Service (DoS) and Man-in-the-Middle (MITM) attacks. The stateless nature of ARP weakens network security, especially in Ethernet environments. To detect such threats, the proposed method involves monitoring network traffic through a Central Server (CS), which then sends a trap ICMP ping packet and analyzes the response to identify malicious activity. For prevention, a voting-based mechanism is used to select a trustworthy CS. By validating and correcting &lt;IP, MAC&gt; pair entries in hosts' cache tables, the CS effectively mitigates ARP poisoning while preserving system performance. This technique relies on ICMP and voting, offering backward compatibility, low cost, minimal traffic overhead, and easy deployment providing a robust solution to detect and prevent MITM-based ARP poisoning while addressing ARP&rsquo;s inherent weaknesses.</em>

AbstractThe bridge protocol (Address Resolution Protocol) ARP, integrating Ethernet (Layer 2) and IP protocol (Layer 3) plays a vital role in TCP/IP communication since ARP packet is the first packet generated during any TCP/IP communications and they are the first traffic from the host. In the large data center, as the size of the broadcast domain (i.e., number of hosts on the network) increases consequently the broadcast traffic from the communication protocols like ARP also increases. This paper addresses the problem faced by Layer 2 protocols like insecured communication, scalability issues and VM migration issues. The proposed system addresses these issues by introducing two new types of messaging with traditional ARP and also combat the ARP Cache poisoning attacks like host impersonation, MITM, Distributed DoS by making ARP stateful. The components of the proposed methodology first start the process by decoding the packets, updates the invalid entry made by the user with Timestamp feature and messages being introduced. The system has been implemented and compared with various existing solutions.

Even today, internet users’ data security remains a significant concern. One problem is ARP poisoning, otherwise referred to as ARP spoofing. Such attacks are intended to exploit the identified ARP protocol vulnerability. Despite no straightforward remedy for ARP spoofing being apparent, certain actions may be taken to maintain one’s safety. The most basic and common defence against a poisoning attack is manually adding MAC and IP addresses to the static ARP cache table. However, this solution is ineffective for large networks where static entries require considerable time and effort to maintain, whether by human input or via special tools and settings for the static entries of network devices. Accordingly, this paper aimed to monitor network packet information and detect the behaviour of ARP poison attacks on operating systems, for instance Windows and Linux. The discovery and defence policy systematically and periodically check the MAC addresses in the ARP table, enabling alerts to be issued if a duplicate entry is detected. This enables the poison-IP address to be blocked before a reply is sent. Finally, the results showed that the superiority was successfully achieved in the detection, prevention and reporting mechanisms in the real-world environment.

Kepadatan trafik data pada jaringan menyebabkan timbulnya kemacetan atau congestion pada lalu lintas trafik data. Jika terjadi di jaringan internet publik, kondisi ini akan mengganggu kenyamanan pengguna. Seringkali kepadatan ini disebabkan oleh pengguna yang melakukan pengunduhan data dalam jumlah besar. Solusi yang sering digunakan untuk mengurangi kepadatan trafik ini adalah dengan memperbesar bandwidth atau menggunakan metode seperti traffic policing serta queue management. Permasalahannya, solusi ini sulit diterapkan untuk organisasi skala kecil seperti sekolah atau pemerintahan desa yang tidak memiliki sumber dana yang besar untuk teknologi ini. Penelitian ini bertujuan untuk memodifikasi perangkat lunak sumber terbuka bernama Tuxcut untuk dimanfaatkan sebagai teknik pembatasan bandwidth dengan biaya murah. Dari hasil penelitian, didapatkan bahwa penerapan modifikasi perangkat lunak ini dapat digunakan untuk membatasi penggunaan bandwidth.

As the world embraces a technological revolution on how everyday devices are connected to the internet, users provide sensitive information using the internet which is broken down and distributed as packets throughout the network. Packet sniffers tap to these packets, capable of potentially compromising security and privacy of unsuspecting users. This study aims to put into the test some well-known Intrusion Detection Systems (IDS) and observe how they fare against popular packet-sniffing tools such as Wireshark and tcpdump. The varied sniffing methods and techniques from various sniffing tools will provide an evaluation of performance of the intrusion detection systems.[1]  Ansari, S., Rajeev, S. &amp; Chandrashekar, H. Packet Sniffing: A brief introduction. Potentials IEEE, Vol. 21 (5), (2002), pp. 17-19.[2]  Chomsiri, T. Sniffing packets on LAN without ARP spoofing.  IEEE in Convergence and Hybrid Information Technology ICCIT'08. Third International Conference, Vol. 2 (1), (2008), pp. 472-477.[3]  Anh, N. &amp; Shorey, R. Network sniffing tools for WLANs: merits and limitations. 2005 IEEE International Conference on Personal Wireless Communications, (2005).[4]  Hu, Q., Asghar, M. &amp; Brownlee, N. Evaluating network intrusion detection systems for high-speed networks. Telecommunication Networks and Applications Conference (ITNAC) 2017 27th International, (2017), pp. 1-6.[5]  Guo, K., Lu, H. &amp; Yu, R. Packet Capture and Protocol Analysis Based on Winpcap. 2016 International Conference on Robots &amp; Intelligent System (ICRIS), (2016).[6]  Goyal, P. &amp; Goyal, A. Comparative study of two most popular packet sniffing tools-Tcpdump and Wireshark. 2017 9th International Conference on Computational Intelligence and Communication Networks (CICN), (2017).[7]  Meghana, J., Subashri, T. &amp; Vimal, K. A survey on ARP cache poisoning and techniques for detection and mitigation. Signal Processing Communication and Networking (ICSCN). 2017 Fourth International Conference, (2017), pp. 1-6.[8]  Arzhakov, A. &amp; Silnov, D. Architecture of multithreaded network scanner. IEEE Micro/Nanotechnologies and Electron Devices (EDM) 2017 18th International Conference of Young specialists, (2017), pp. 43-45.[9]  Bhosale, D. &amp; Mane, V. Comparative study and analysis of network intrusion detection tools. 2015 International Conference on Applied and Theoretical Computing and Communication Technology (iCATccT), (2015).[10] Tirumala, S., Sathu, H. &amp; Sarrafzadeh, A. Free and open source intrusion detection systems. Machine Learning and Cybernetics (ICMLC) 2015 International Conference, (2015).[11] Albin, E. &amp; Rowe, N. A realistic experimental comparison of the suricata and snort intrusion -detection systems. Advanced Information Networking and Applications Workshops (WAINA) 26th International Conference, (2012).[12] Africa, A., Mesina, A., Izon, J. &amp; Quitevis, B. Development of a Novel Android Controlled USB File Transfer Hub. Journal of Telecommunication, Electronic and Computer Engineering, Vol. 9 (2-8), (2017), pp. 1-5.[13] SmartSniff. (2018). https://www.nirsoft.net/utils/smsniff.html.  [14] Wireshark. (2018).  https://www.wireshark.org/.[15] Windump. (2013). https://www.winpcap.org/windump/. [16] Dsniff, Dug Song. (2018). https://www.monkey.org/~dugsong/dsniff/.[17] Cain and Abel. (2018). http://www.oxid.it/cain.html. [18] Ettercap. (2018).  http://www.ettercap-project.org/ettercap/index.html. [19] Network grep. (2018).  http://ngrep.sourceforge.net/usage.html. [20] Nmap. (2018). https://nmap.org/. [21] Africa, A., Aguilar, J., Lim Jr., C., Pacheco, P. &amp; Rodrin, S. Automated Aquaculture System that Regulates Ph, Temperature and Ammonia. 9th International Conference on Humanoid, Nanotechnology, Information Technology, Communication and Control, Environment, and Management (HNICEM), (2017).[22]S.Dhar. (2018). http://www.just.edu.jo/~tawalbeh/nyit/incs745/presentations/Sniffers.pdf.  [23] A. Africa, A Rough Set-Based Expert System for diagnosing information system communication networks. International Journal of Information and Communication Technology, Vol. 11 (4), (2017), pp. 496-512.[24]Africa, A., Bautista, S., Lardizabal, F., Patron, J. &amp; Santos, A. Minimizing Passenger Congestion in Train Stations through Radio Frequency Identification (RFID) coupled with Database Monitoring System. ARPN Journal of Engineering and Applied Sciences, Vol. 12 (9), (2017), pp. 2863-2869.[25] Africa, A. &amp; Cabatuan, M. A Rough Set Based Data Model for Breast Cancer Mammographic Mass Diagnostics. International Journal of Biomedical Engineering and Technology, Vol. 18 (4), (2015), pp. 359-369.[26] Africa, A. A Rough Set Based Solar Powered Flood Water Purification System with a Fuzzy Logic Model. ARPN Journal of Engineering and Applied Sciences, Vol. 12 (3), (2017), pp. 638-647.[27] Africa, A. A Mathematical Fuzzy Logic Control  Systems Model Using Rough Set Theory for Robot Applications. Journal of Telecommunication, Electronic and Computer Engineering, Vol. 9 (2-8), (2017), pp. 7-11.[28] Brucal, S., Africa, A. &amp; Dadios, E. Female Voice Recognition using Artificial Neural Networks and MATLAB Voicebox Toolbox. Journal of Telecommunication, Electronic and Computer Engineering, Vol. 10 (1-4), (2018), pp. 133-138.[29] Africa, A. &amp; Velasco, J. Development of a Urine Strip Analyzer using Artificial Neural Network using an Android Phone. ARPN Journal of Engineering and Applied Sciences, Vol. 12 (6), (2017), pp. 1706-1712.[30] Loresco, P. &amp; Africa, A. ECG Print-out Features Extraction Using Spatial-Oriented Image Processing Techniques. Journal of Telecommunication, Electronic and Computer Engineering, Vol. 10 (1-5), (2018), pp. 15-20.[31] Snort. (2018). https://www.snort.org/. [32] Africa, A. A Logic Scoring of Preference Algorithm using ISO/IEC 25010:2011 for Open Source Web Applications Moodle and Wordpress. ARPN Journal of Engineering and Applied Sciences, Vol. 13 (15), (2018).[33]Suricata. (2018). https://suricata-ids.org/. [34] Gadde, S., Ganta, R., Gupta, A., Rao, R. &amp; Rao, K. Securing Internet of Things (IoT) Using Honey Pots. International Journal of Engineering and Technology, Vol. 7 (2.7), (2018), pp. 820-824.

The Address Resolution Protocol (ARP) is used by computers to map logical addresses (IP) to physical addresses (MAC). However ARP is an all trusting protocol and is stateless which makes it vulnerable to many ARP cache poisoning attacks such as Man-in-the-Middle (MITM) and Denial of service (DoS) attacks. These flaws result in security breaches thus weakening the appeal of the computer for exchange of sensitive data. In this paper we describe ARP, outline several possible ARP cache poisoning attacks and give the detailed of some attack scenarios in network having both wired and wireless hosts. We have analyzed each of proposed solutions, identify their strengths and limitations. Finally get that no solution offers a feasible solution. Hence, this paper presents an efficient and secure version of ARP that is able to cope up with all these types of attacks and is also a feasible solution. It is a stateful protocol, by storing the information of the Request frame in the ARP cache, to reduce the chances of various types of attacks in ARP. It is more efficient and secure by broadcasting ARP Reply frame in the network and storing related entries in the ARP cache each time when communication take place.

The increased adoption of the Internet Protocol (IP) in ICSs has made these systems vulnerable to the same security risks that are present in traditional IT environments. The legacy nature of ICSs and their unique operational requirements make them vulnerable to security threats that are different from those in IT environments. In this paper, we describe a protocol, named ArpON, which is able to wipe out in quasi real time any ARP cache poisoning attempt, thus making it ineffective. Contrarily to solutions presented in the literature for contrasting ARP cache poisoning, ArpON incurs in low operational costs, is backward compatible, transparent to the ARP protocol and does not use any HW feature nor cryptography functionality. We also model and validate ArpON in the OMNET + + network simulator. The simulation results show that ArpON is effective in avoiding ARP poisoning, and its communication overhead is negligible with respect to classical ARP protocol.

Even today, internet users&rdquo; data security remains a significant concern. One problem is ARP poisoning, otherwise referred to as ARP spoofing. Such attacks are intended to exploit the identified ARP protocol vulnerability. Despite no straightforward remedy for ARP spoofing being apparent, certain actions may be taken to maintain one&rdquo;s safety. The most basic and common defence against a poisoning attack is manually adding MAC and IP addresses to the static ARP cache table. However, this solution is ineffective for large networks where static entries require considerable time and effort to maintain, whether by human input or via special tools and settings for the static entries of network devices. Accordingly, this paper aimed to monitor network packet information and detect the behaviour of ARP poison attacks on operating systems, for instance Windows and Linux. The discovery and defence policy systematically and periodically check the MAC addresses in the ARP table, enabling alerts to be issued if a duplicate entry is detected. This enables the poison-IP address to be blocked before a reply is sent. Finally, the results showed that the superiority was successfully achieved in the detection, prevention and reporting mechanisms in the real-world environment.

Kepadatan trafik data pada jaringan menyebabkan timbulnya kemacetan atau congestion pada lalu lintas trafik data. Jika terjadi di jaringan internet publik, kondisi ini akan mengganggu kenyamanan pengguna. Seringkali kepadatan ini disebabkan oleh pengguna yang melakukan pengunduhan data dalam jumlah besar. Solusi yang sering digunakan untuk mengurangi kepadatan trafik ini adalah dengan memperbesar bandwidth atau menggunakan metode seperti traffic policing serta queue management. Permasalahannya, solusi ini sulit diterapkan untuk organisasi skala kecil seperti sekolah atau pemerintahan desa yang tidak memiliki sumber dana yang besar untuk teknologi ini. Penelitian ini bertujuan untuk memodifikasi perangkat lunak sumber terbuka bernama Tuxcut untuk dimanfaatkan sebagai teknik pembatasan bandwidth dengan biaya murah. Dari hasil penelitian, didapatkan bahwa penerapan modifikasi perangkat lunak ini dapat digunakan untuk membatasi penggunaan bandwidth.

AbstractProgrammable networking is evolving from programmable control plane solutions such as OpenFlow-based software-defined networking (SDN) to programmable data planes such as P4-based SDN. To support the functionality of the SDN, the correct view of the network topology is required. However, multiple attacks aimed at topology poisoning have been demonstrated in SDNs. While several controller-centralised security solutions have been proposed to defeat topology poisoning attacks, some attacks e.g., the Data Plane ARP Cache Poisoning Attack and the relay-type Link Fabrication Attack are difficult to detect using a fully centralised security solution. In this paper, we present the Security-Aware Programmable (SECAP) Switch—a lightweight, in-network, P4-based security solution that is designed to prevent attacks that might otherwise evade control plane solutions. The SECAP switch verifies source address details contained within the headers of protocols commonly used to perform topology poisoning attacks. This function is supported by a novel variance-based anomaly detection solution to provide a layered defence. We demonstrate the ability of the SECAP switch to defeat topology poisoning attacks with minimal memory and processing overhead.

While network attacks play a critical role in many advanced persistent threat (APT) campaigns, an arms race exists between the network defenders and the adversary: to make APT campaigns stealthy, the adversary is strongly motivated to evade the detection system. However, new studies have shown that neural network is likely a game-changer in the arms race: neural network could be applied to achieve accurate, signature-free, and low-false-alarm-rate detection. In this work, we investigate whether the adversary could fight back during the next phase of the arms race. In particular, noticing that none of the existing adversarial example generation methods could generate malicious packets (and sessions) that can simultaneously compromise the target machine and evade the neural network detection model, we propose a novel attack method to achieve this goal. We have designed and implemented the new attack. We have also used Address Resolution Protocol (ARP) Poisoning and Domain Name System (DNS) Cache Poisoning as the case study to demonstrate the effectiveness of the proposed attack.

IP based voice transmission technology is a flexible, simpler and a cost effective implementation of voice transmission. It provides a real convergence of various networks. This voice transmission technology does not support a quality that is equivalent to digitized voice, which is available in the existing PSTN networks. In addition to this, data network vulnerabilities affect the VOIP service causing a drop in the utilization of voice communication. In this paper, the quality of service for voice calls is ensured with the integration of CAC mechanism with the bandwidth link utilization which makes an estimation of the demanded bandwidth. In terms of security, prevention of ARP cache poisoning attack is achieved by use of the signed MAC address response in local area networks. It makes the network confident that the admitted user is an authorized user and also it verifies that only the authorized users&rsquo; information is exchanged over the local area network. Also an approach that makes it difficult for the hacker&rsquo;s to hack the data exchanged over the quality channel has been proposed.