To see the other types of publications on this topic, follow the link: MAC address spoofing.
Journal articles on the topic 'MAC address spoofing'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 47 journal articles for your research on the topic 'MAC address spoofing.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Nasser, Hiba Imad, and Mohammed Abdulridha Hussain. "Defending a wireless LAN against ARP spoofing attacks using a Raspberry Pi." Basrah Researches Sciences 48, no. 2 (2022): 123–35. http://dx.doi.org/10.56714/bjrs.48.2.12.
Full textAbstract:
The Address Resolution Protocol (ARP) is a protocol that converts Internet Protocol (IP) addresses to Media Access Control (MAC) addresses. Due to a security issue known as "Man in the Middle," identity theft is feasible using the ARP protocol. ARP spoofing is one of the weaknesses in wireless networks when an attacker effectively masquerades as a legitimate one. Spoofing attacks will reduce network performance and break several security measures. In networks that use MAC address-based filtering to verify clients, all a spoofer needs is an actual MAC address from an authorised client to gain an unfair advantage. The research recommends developing a security system recognising and preventing ARP spoofing attacks. This system detects ARP spoofing attempts by comparing the static MAC address of the original router to the router's MAC address in the ARP cache table. After detecting the attack using information collected from the router's MAC address in the ARP cache table, the system will conduct a de-authentication attack against the attacker's MAC address. If the attacker is disconnected from the WLAN, they cannot perform ARP spoofing attacks. This system is operated using a Raspberry Pi Model B. Most ARP spoofing attacks can be detected in 0.93 seconds, and responding takes 3.05 seconds.
2
Jain, Lalit. "Computer Network: An Implementation of MAC Spoofing." International Journal of Engineering and Computer Science 12, no. 05 (2023): 25717–21. http://dx.doi.org/10.18535/ijecs/v12i05.4733.
Full textAbstract:
An exponential growth has observed of network or internet users due to diverse resource and information sharing services. Contrary, network uses also increased in different kinds of attacks. Means network is vulnerable for many types of attacks. Computer network may exploit in different contexts such as denial of service, ping death, malfunction routing, flooding, man in the middle and spoofing attack. Among of these MAC spoofing is kind of attack spoofing attack that target to MAC or physical address of the network host or router. It tampers original address to any other random or user defined address. The aim of the study is to present MAC address and its types. With this, MAC spoofing attack also presented. Implementation environment and method for the MAC spoofing also presented. MAC spoofing is implemented in the KALI Linux operating system with the help of MACCHANGER tool.
3
Herman, Rusyadi Umar, and Agus Prasetyo. "Analysis of Address Resolution Protocol Poisoning Attacks on Mikrotik Routers Using Live Forensics Methods." International Journal of Engineering Business and Social Science 3, no. 4 (2025): 1–18. https://doi.org/10.58451/ijebss.v3i4.231.
Full textAbstract:
The rapid development of wireless technology has made network communication more accessible but also increasingly vulnerable to security threats. One of the major threats is the Man-in-the-Middle (MitM) Attack, particularly ARP Spoofing, which manipulates the Address Resolution Protocol (ARP) to intercept or alter network traffic. ARP Spoofing, also known as ARP Poisoning, allows attackers to associate incorrect MAC addresses with IP addresses, enabling unauthorized access and potential data interception. This research focuses on the detection and investigation of ARP Spoofing on MikroTik routers using live forensic methods. The study utilizes Wireshark as a primary tool to monitor ARP-based network activity and identify anomalies indicative of ARP Spoofing attacks. The National Institute of Standards and Technology (NIST) forensic framework, which includes Collection, Examination, Analysis, and Reporting, is employed as a methodology for analyzing forensic evidence. The research also incorporates a virtualized attack simulation environment using VirtualBox, where a PC Client acts as the target, an attacker PC executes an ARP Spoofing attack using Ettercap, and Wireshark captures network traffic for forensic examination. The simulation results reveal that an ARP Spoofing attack can successfully manipulate network traffic by altering ARP table entries. The attacker assumes the identity of IP Address 192.168.0.1 with MAC Address e8-cc-18-41-3f-fb, while the target’s identity is duplicated as 192.168.0.19 with MAC Address 08:00:27:15:4c:3c, as confirmed through Wireshark analysis and ARP table inspection using the command prompt. These findings emphasize the importance of implementing proactive security measures, such as Dynamic ARP Inspection (DAI), encryption protocols, and continuous network monitoring, to mitigate the risks associated with ARP Spoofing attacks.
4
Nasser, Hiba, and Mohammed Hussain. "An Effective Approach to Detect and Prevent ARP Spoofing Attacks on WLAN." Iraqi Journal for Electrical and Electronic Engineering 19, no. 2 (2023): 8–17. http://dx.doi.org/10.37917/ijeee.19.2.2.
Full textAbstract:
Address Resolution Protocol (ARP) is used to resolve a host’s MAC address, given its IP address. ARP is stateless, as there is no authentication when exchanging a MAC address between the hosts. Hacking tactics using ARP spoofing are constantly being abused differently; many previous studies have prevented such attacks. However, prevention requires modification of the underlying network protocol or additional expensive equipment, so applying these methods to the existing network can be challenging. In this paper, we examine the limitations of previous research in preventing ARP spoofing. In addition, we propose a defense mechanism that does not require network protocol changes or expensive equipment. Before sending or receiving a packet to or from any device on the network, our method checks the MAC and IP addresses to ensure they are correct. It protects users from ARP spoofing. The findings demonstrate that the proposed method is secure, efficient, and very efficient against various threat scenarios. It also makes authentication safe and easy and ensures data and users’ privacy, integrity, and anonymity through strong encryption techniques.
5
Ashok, Bawge, and Joshi Dr.Harish. "Identifying ARP Spoofing Through Active Strategies." Research and Applications: Emerging Technologies 7, no. 2 (2025): 21–27. https://doi.org/10.5281/zenodo.15573429.
Full textAbstract:
<em>Due to its stateless nature and absence of authentication mechanisms to verify sender identity, the Address Resolution Protocol (ARP) has long been susceptible to spoofing attacks. ARP spoofing often serves as a gateway to more advanced attacks on local area networks, such as denial of service, man-in-the-middle, and session hijacking. Most existing detection methods adopt a passive approach by monitoring ARP traffic for anomalies in the IP-to-Ethernet address mappings. However, this strategy suffers from a delayed response time, often identifying an attack only after it has already caused harm. In this paper, we introduce an active detection technique for ARP spoofing. By injecting ARP request and TCP SYN packets into the network, we proactively probe for mismatches in address mappings. Compared to passive methods, our approach is faster, more intelligent, scalable, and reliable. Additionally, it enhances accuracy in identifying the true MAC-to-IP address associations during an attack scenario.</em>
6
Hammal, Mangal Muhammad Usman. "Detection and Mitigation of MAC Spoofing." LC International Journal of STEM 1, no. 2 (2020): 1–5. https://doi.org/10.5281/zenodo.5010206.
Full textAbstract:
Wireless Local Area Network (WLAN) are generally utilized and getting more in number step by step because of the simplicity of spread signs, quality, and quality. WLAN is additionally simple to actualize in any association. Without any difficulty of utilization, the remote system is likewise simple to produce or bargain because of some shortcoming. Macintosh satirizing is one of the provoking system to be maintained a strategic distance from Macintosh satirizing because conveyable due to devices used to produce the MAC address of system card on the product level. Approval with MAC address got dubious. To beat this issue, we proposed a structure in which client approval process completed by getting three one of kind boundaries of the machine, get hashed and contrasted and the database.
7
Ali, Hamid Mohamed, and Ammna Mohamed Abbas. "New Approach in Detection MAC Spoofing in a WiFi LAN." Journal of Engineering 20, no. 08 (2023): 142–55. http://dx.doi.org/10.31026/j.eng.2014.08.09.
Full textAbstract:
Medium Access Control (MAC) spoofing attacks relate to an attacker altering the manufacturer assigned MAC address to any other value. MAC spoofing attacks in Wireless Fidelity (WiFi) network are simple because of the ease of access to the tools of the MAC fraud on the Internet like MAC Makeup, and in addition to that the MAC address can be changed manually without software. MAC spoofing attacks are considered one of the most intensive attacks in the WiFi network; as result for that, many MAC spoofing detection systems were built, each of which comes with its strength and weak points. This paper logically identifies and recognizes the weak points and masquerading paths that penetrate the up-to-date existing detection systems. Then the most effective features of the existing detection systems are extracted, modified and combined together to develop more powerful detection system called Sequence Number with Rate and Signal Strength detection method (SN-R-SS).
 SN-R-SS consists from three phases. First phase is Window Sequence Numbers; to detect suspicious spoofed frames in the network. Second phase is Transmission Rate Analysis; to reduce the amount of the suspicious spoofed frames that are generated from the first phase. Finally, the third phase is Received Signal Strength; this phase is decisive phase because it decides whether the suspicious spoofed frames are spoofed or not. Commview for WiFi network monitor and analyzer is used to capturing frames from the radio channals. Matlab software has been used to implement various computational and mathematical relations in SN-R-SS. This detection method does not work in a real time because it needs a lot of computation.
8
Kurabalakota, Gowthami, Divya Pasham, and Kanishka G. "ARP Spoofing in Action: An Ethical Approach to Network Security." International Research Journal of Innovations in Engineering and Technology 09, Special Issue (2025): 245–49. https://doi.org/10.47001/irjiet/2025.inspire39.
Full textAbstract:
ARP spoofing is a serious problem for network security. It allows hackers to trick a network by linking their own MAC address to a real device’s IP address. This lets them steal, change, or block network traffic. Hackers can use this to launch attacks like Man in the Middle, session hijacking, and Denial of service. Old methods to detect ARP spoofing, like fixed IP-MAC lists and ICMP checks, do not work well in large or real-time systems. This paper suggests a smart way to find and stop ARP spoofing using Bettercap and Deep Packet Inspection (DPI). Bettercap watches ARP traffic in real time, while DPI carefully checks network packets for unusual activity. Together, these tools quickly and accurately detect ARP spoofing with little impact on network speed. The system keeps an eye on ARP messages, deeply examines packet details, and finds suspicious changes. When it detects an attack, it blocks harmful packets, fixes the ARP table with correct information, and informs network admins.
9
Tommi Alfian Armawan Sandi, Firmansyah Firmansyah, Sari Dewi, Eka Kusuma Pratama, and Rachmawati Darma Astuti. "Comparison of Port Security Switch Layer 2 MAC Address Dynamic With MAC Address Static Sticky." Inspiration: Jurnal Teknologi Informasi dan Komunikasi 12, no. 2 (2022): 65–75. http://dx.doi.org/10.35585/inspir.v12i2.8.
Full textAbstract:
Security and stability in a network service is a top priority for a network administrator. The slightest security vulnerability can make a very big threat in the stability of network services. The rise of cybercrime that intercepts access to a network service by performing ARP spoofing to imitate a client who has the right to access the network, with this happening it can be detrimental and disrupt network services. The application of MAC Address filtering to access network services is able to minimize the occurrence of cybercrime in the network. The filtering technique used is by registering the MAC address of each network service user who will connect to the network. This technique is able to recap the MAC Address on each device in the MAC Address table and is able to block access to clients whose MAC addresses are not registered. The test results obtained for the comparison of MAC Address filtering security using Dynamic with sticky MAC addresses are that the implementation of port security static sticky is considered better than the implementation of dynamic port security, where if there is a new client trying to access the network and the client's mac address is not registered then the client absolutely does not get access to network services.
10
Stepanov, P. P., G. V. Nikonova, T. S. Pavlyuchenko, and V. V. Soloviev. "Features of Address Resolution Protocol Operation in Computer Networks." Programmnaya Ingeneria 13, no. 5 (2022): 211–18. http://dx.doi.org/10.17587/prin.13.211-218.
Full textAbstract:
The paper analyzes the network protocols of computer networks to identify potential vulnerabilities at the software level. The conditions for carrying out a man-in-the-middle attack in networks using the Address Resolution Protocol (ARP) are investigated. Such attacks are of a rather dangerous type, since they are based on the shortcomings of the ARP protocol. A detailed analysis of the stages of the attack and the sequence of impact on the attacked node is given. The technology of ARP spoofing (poisoning) and methods that allow one to infiltrate an existing connection and communication process are examined in detail. An implementation of an ARP spoofing attack in the Python and C# programming languages using the Soapy and SharpPcap libraries is presented. Examples of implementation of denial-of-service (DoS) attacks in a peer-to-peer network using the ARP protocol in C# are given. The article also describes examples of man-in-the-middle attacks associated with various protocols and infiltration into the address space of routers, such as DHCP (a protocol that dynamically assigns an IP address to a client computer) spoofing and ICMP (Internet Control Message Protocol) redirection. Methods for hacking a router and substituting a MAC address and examples of scripts that implement: sending a fake ARP packet; a function for performing a DoS attack; changing the Linux MAC address; router hacks, are presented in the article.
11
Rahim, Muheez A., Bilkisu Jimada-Ojuolape, Monsurat O. Balogun, and Lambe M. Adesina. "Security analysis in wireless networks." Caliphate Journal of Science and Technology 7, no. 1 (2025): 1–11. https://doi.org/10.4314/cajost.v7i1.01.
Full textAbstract:
Wireless networks have become essential to our daily lives, providing connectivity for a wide range of devices. However, with the increasing use of wireless networks, security has become a major concern. Media Access Control (MAC) address flooding, Dynamic Host Configuration Protocol (DHCP) spoofing, and rogue Secure Shell (SSH) are some of the most common security threats in wireless networks. These attacks can cause loss of confidentiality, integrity, and availability of network resources. In this study, vulnerabilities and challenges related to MAC address flooding, DHCP spoofing, and rogue SSH attacks were investigated. Analysis of the solution to prevent and mitigate these attacks was performed by network simulation using the Cisco Packet Tracer Windows version 8.1.1. The system design would provide a user-friendly interface for network administrators to monitor their networks and check for anomalies. The analysis indicated that Port Security effectively limited unauthorized MAC addresses, DHCP snooping successfully blocked illegitimate DHCP responses, and Access Control Lists restricted rogue SSH access, supporting these methods as optimal solutions for mitigating the respective security threats.
12
Zhu, Zhi Yu. "Simulation Based on OPNET and within IPv6 Real Source Address Authentication." Applied Mechanics and Materials 246-247 (December 2012): 394–97. http://dx.doi.org/10.4028/www.scientific.net/amm.246-247.394.
Full textAbstract:
According to the RFC5210 standard SAVA architecture, This paper designed a certification program within the source address based on MAC address of IPv6.Use the OPNET Simulation the network performance (server delay and load) under normal state and dos attack state .The results show that the program could be effective in preventing a single degree of autonomy within the source address spoofing, and improve network stability.
13
Alotaibi, Bandar, and Khaled Elleithy. "A New MAC Address Spoofing Detection Technique Based on Random Forests." Sensors 16, no. 3 (2016): 281. http://dx.doi.org/10.3390/s16030281.
Full text
14
Wijayanto, Agus, Imam Riadi, and Yudi Prayudi. "TAARA Method to Processing on the Network Forensics in the Event of an ARP Spoofing Attack." Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi) 7, no. 2 (2023): 208–2017. http://dx.doi.org/10.29207/resti.v7i2.4589.
Full textAbstract:
According to reports in 2021 by Kaspersky, requests for investigations into suspicious network activity, such as ARP Spoofing, which can result in sophisticated attacks, reached up to 22%. Several difficulties with examining network systems have been overcome thanks to network forensic investigations. This study aims to perform a network forensic analysis of ARP spoofing attacks using Wireshark forensic tools and Network Miner with a sniffer design process to capture traffic on the router side. In order to gather reliable evidence, this study employs the TAARA method as a network forensic investigation process. Based on the research conducted, it can be demonstrated that an attack took place from eight PCAP files. The information that was gathered, such as the IP address and MAC address of the attacker, the IP address and MAC address of the target, and the date and time of the attack are examples of evidence information that was gathered. This study also shows that network forensic operations can use the Wireshark forensic tool to obtain more detailed data.
15
Nasser, Hiba Imad, and Mohammed Abdulridha Hussain. "Provably curb man-in-the-middle attack-based ARP spoofing in a local network." Bulletin of Electrical Engineering and Informatics 11, no. 4 (2022): 2280–91. http://dx.doi.org/10.11591/eei.v11i4.3810.
Full textAbstract:
Even today, internet users’ data security remains a significant concern. One problem is ARP poisoning, otherwise referred to as ARP spoofing. Such attacks are intended to exploit the identified ARP protocol vulnerability. Despite no straightforward remedy for ARP spoofing being apparent, certain actions may be taken to maintain one’s safety. The most basic and common defence against a poisoning attack is manually adding MAC and IP addresses to the static ARP cache table. However, this solution is ineffective for large networks where static entries require considerable time and effort to maintain, whether by human input or via special tools and settings for the static entries of network devices. Accordingly, this paper aimed to monitor network packet information and detect the behaviour of ARP poison attacks on operating systems, for instance Windows and Linux. The discovery and defence policy systematically and periodically check the MAC addresses in the ARP table, enabling alerts to be issued if a duplicate entry is detected. This enables the poison-IP address to be blocked before a reply is sent. Finally, the results showed that the superiority was successfully achieved in the detection, prevention and reporting mechanisms in the real-world environment.
16
Hafizh, M. Nasir, Imam Riadi, and Abdul Fadlil. "Forensik Jaringan Terhadap Serangan ARP Spoofing menggunakan Metode Live Forensic." Jurnal Telekomunikasi dan Komputer 10, no. 2 (2020): 111. http://dx.doi.org/10.22441/incomtech.v10i2.8757.
Full textAbstract:
Pada jaringan komputer, protokol yang bertugas untuk untuk menerjemahkan IP address menjadi MAC Address adalah Address Resolution Protocol (ARP). Sifat stateless pada protokol ARP, menyebabkan protokol ARP memiliki celah dari segi keamanan. Celah ini dapat menimbulkan serangan terhadap ARP Protocol, disebabkan karena ARP request yang dikirimkan secara broadcast, sehingga semua host yang berada pada satu broadcast domain dapat merespon pesan ARP tersebut walaupun pesan tersebut bukan ditujukan untuknya. Serangan inilah yang biasa disebut dengan ARP Spoofing. Serangan ini dapat berimbas pada serangan-serangan yang lain, seperti serangan Man In The Middle Attack, Packet Sniffing, dan Distributed Denial of Service. Metode Live Forensic digunakan untuk mengidentifikasi dan mendeteksi serangan ketika sistem dalam keadaan menyala. Berdasarkan hasil penelitian yang dilakukan terbukti bahwa dengan penggunaan metode Live Forensics, investigator dapat dengan cepat mendeteksi suatu serangan dan mengidentifikasi penyerangnya.
17
Shah, Zawar, and Steve Cosgrove. "Mitigating ARP Cache Poisoning Attack in Software-Defined Networking (SDN): A Survey." Electronics 8, no. 10 (2019): 1095. http://dx.doi.org/10.3390/electronics8101095.
Full textAbstract:
Address Resolution Protocol (ARP) is a widely used protocol that provides a mapping of Internet Protocol (IP) addresses to Media Access Control (MAC) addresses in local area networks. This protocol suffers from many spoofing attacks because of its stateless nature and lack of authentication. One such spoofing attack is the ARP Cache Poisoning attack, in which attackers poison the cache of hosts on the network by sending spoofed ARP requests and replies. Detection and mitigation of ARP Cache Poisoning attack is important as this attack can be used by attackers to further launch Denial of Service (DoS) and Man-In-The Middle (MITM) attacks. As with traditional networks, an ARP Cache Poisoning attack is also a serious concern in Software Defined Networking (SDN) and consequently, many solutions are proposed in the literature to mitigate this attack. In this paper, a detailed survey on various solutions to mitigate ARP Cache Poisoning attack in SDN is carried out. In this survey, various solutions are classified into three categories: Flow Graph based solutions; Traffic Patterns based solutions; IP-MAC Address Bindings based solutions. All these solutions are critically evaluated in terms of their working principles, advantages and shortcomings. Another important feature of this survey is to compare various solutions with respect to different performance metrics, e.g., attack detection time, ARP response time, calculation of delay at the Controller etc. In addition, future research directions are also presented in this survey that can be explored by other researchers to propose better solutions to mitigate the ARP Cache Poisoning attack in SDN.
18
Chai, Tze Uei, Hock Guan Goh, Soung-Yue Liew, and Vasaki Ponnusamy. "Protection Schemes for DDoS, ARP Spoofing, and IP Fragmentation Attacks in Smart Factory." Systems 11, no. 4 (2023): 211. http://dx.doi.org/10.3390/systems11040211.
Full textAbstract:
Industry Revolution 4.0 connects the Internet of Things (IoT) resource-constrained devices to Smart Factory solutions and delivers insights. As a result, a complex and dynamic network with a vulnerability inherited from the Internet becomes an attractive target for hackers to attack critical infrastructures. Therefore, this paper selects three potential attacks with the evaluation of the protections, namely (1) distributed denial of service (DDoS), (2) address resolution protocol (ARP) spoofing, and (3) Internet protocol (IP) fragmentation attacks. In the DDoS protection, the F1-score, accuracy, precision, and recall of the four-feature random forest with principal component analysis (RFPCA) model are 95.65%, 97%, 97.06%, and 94.29%, respectively. In the ARP spoofing, a batch processing method adopts the entropy calculated in the 20 s window with sensitivity to network abnormalities detection of various ARP spoofing scenarios involving victims’ traffic. The detected attacker’s MAC address is inserted in the block list to filter malicious traffic. The proposed protection in the IP fragmentation attack is implementing one-time code (OTC) and timestamp fields in the packet header. The simulation shows that the method detected 160 fake fragments from attackers among 2040 fragments.
19
Sari, Linna Oktaviana, Ery Safrianti, and Defvi Wahyuningtias. "Analisis Keamanan Jaringan Berbasis Point to Point Protocol Over Ethernet (PPPoE) Menggunakan Mikrotik." MALCOM: Indonesian Journal of Machine Learning and Computer Science 4, no. 3 (2024): 943–54. http://dx.doi.org/10.57152/malcom.v4i3.1301.
Full textAbstract:
Keamanan jaringan adalah proses tindakan untuk melindungi jaringan untuk menghindari berbagai jenis serangan dan pelanggaran data, seperti mencegah serangan cyber, kontrol akses, mendeteksi perangkat lunak berbahaya dan tindakan keamanan lainnya. Jaringan LAN memiliki protokol yang disebut Address Resolusi Protocol (ARP). ARP merupakan protokol yang sangat mudah untuk dieksploitasi karena paket transaksi ARP dapat dimanipulasi oleh komputer manapun. Serangan ARP spoofing dapat dieksploitasi pada kerentanan ini. Untuk mengamankan jaringan lokal dari serangan ARP Spoofing, diperlukan mekanisme keamanan yang dapat meminimalkan risiko eksploitasi protokol komunikasi dalam jaringan. Maka pada penelitian ini dilakukan analisa keamanan jaringan berbasis PPPoE dengan menggunakan Mikrotik sebagai cara terbaik untuk mengatasi permasalahan keamanan jaringan. Untuk mengetahui performa PPPoE dari segi keamanan, dilakukan pengujian dengan serangan ARP spoofing menggunakan tools netcut. Pengujian dilakukan sebelum dan sesudah penerapan PPPoE dengan hasil sebelum penerapan PPPoE diperoleh informasi mengenai alamat IP, alamat MAC dan nama perangkat pengguna yang terhubung sehingga dapat dilakukan cut-off. Sedangkan setelah penerapan PPPoE, pengguna yang terhubung ke jaringan PPPoE tidak terdeteksi sehingga cut-off tidak dapat dilakukan.
20
Sudaryanto and Dwi Nugraheny. "ANALISIS TRANSFER DATA PADA JARINGAN TERDAMPAK ARP SPOOFING MENGGUNAKAN METODE ARP POISONING DAN STATISTIK DESKRIPTIF." INDONESIAN JOURNAL ON DATA SCIENCE 2, no. 1 (2024): 10–18. http://dx.doi.org/10.30989/ijds.v2i1.1375.
Full textAbstract:
This Computer network security issues are very important and need to be considered in the development of computer networks. Networks connected to network devices are usually vulnerable to hacking. Hacking is an activity that allows a person or group to change or take data for personal gain. The aim of this research is to carry out testing and analysis to determine the condition and measure the level of security of the ITDA Yogyakarta intra-campus information system and computer network. Describe security gaps and measure the level of security that needs to be immediately repaired so that it can help correct failures in maintaining the security of ITDA Yogayakarta intra-campus information systems and networks. This research uses descriptive statistics with 20 PC units as samples. There were four tests in this study with a total success of 16 out of 20 samples. From the results of Arp spoofing on the local network, it can be concluded that after the local network is infiltrated by an attacker using the ARP spoofing method, the target traffic will be redirected to the attacker's device. This can allow attackers to monitor and understand the contents of data traffic on the local network. Changing the attacker's MAC address is very necessary because if the MAC is not replaced then network traffic will not be redirected to the attacker's device.
21
Emmanuel, Asituha. "A comprehensive survey of performance, security and privacy issues in the network interface layer of the TCP/IP." GSC Advanced Research and Reviews 18, no. 3 (2024): 208–33. https://doi.org/10.5281/zenodo.11217357.
Full textAbstract:
The network interface layer of the TCP/IP protocol suite, primarily comprised of the Internet Protocol (IP), serves as the backbone of modern internet communication. With its efficient data delivery, The network interface layer, presents key challenges in terms of performance, security, and privacy. This comprehensive survey delves into these three crucial aspects, analyzing the inherent vulnerabilities, limitations of the interface layer, and provide solutions of the related problems. The performance analysis explores throughput, latency, and bandwidth constraints, along with solutions such as bandwidth allocation and optimization techniques. Vulnerabilities within Network Interface Layer, including denial-of-service attacks and MAC address spoofing, are discussed, along with a review of existing security mechanisms. Privacy flaws are examined, covering MAC address tracking, profiling risks, and anonymization techniques, while also addressing privacy considerations on the Internet of Things. The survey analyzes several case studies providing comparative analysis of the network interface layer protocols, with support of the real world scenarios including performance analysis in high density environment, and security and privacy risks in smart homes networks. The findings provide a comprehensive understanding of the complexities surrounding performance, security, and privacy issues future directions and potential solutions.
22
Emmanuel Asituha. "A comprehensive survey of performance, security and privacy issues in the network interface layer of the TCP/IP." GSC Advanced Research and Reviews 18, no. 3 (2024): 208–33. http://dx.doi.org/10.30574/gscarr.2024.18.3.0112.
Full textAbstract:
The network interface layer of the TCP/IP protocol suite, primarily comprised of the Internet Protocol (IP), serves as the backbone of modern internet communication. With its efficient data delivery, The network interface layer, presents key challenges in terms of performance, security, and privacy. This comprehensive survey delves into these three crucial aspects, analyzing the inherent vulnerabilities, limitations of the interface layer, and provide solutions of the related problems. The performance analysis explores throughput, latency, and bandwidth constraints, along with solutions such as bandwidth allocation and optimization techniques. Vulnerabilities within Network Interface Layer, including denial-of-service attacks and MAC address spoofing, are discussed, along with a review of existing security mechanisms. Privacy flaws are examined, covering MAC address tracking, profiling risks, and anonymization techniques, while also addressing privacy considerations on the Internet of Things. The survey analyzes several case studies providing comparative analysis of the network interface layer protocols, with support of the real world scenarios including performance analysis in high density environment, and security and privacy risks in smart homes networks. The findings provide a comprehensive understanding of the complexities surrounding performance, security, and privacy issues future directions and potential solutions.
23
Lema, Hussein, Fatuma Simba, and Joseph Mushi. "Security Enhancement of SIP Protocol in VoIP Communication." Journal of ICT Systems 1, no. 2 (2023): 71–92. http://dx.doi.org/10.56279/jicts.v1i2.32.
Full textAbstract:
In Voice over IP (VoIP) systems, calls are started, maintained, and ended using the Session Initiation Protocol (SIP). One of the SIP flaws is the lack of enough data to validate users, and its contents can be changed to fake the Caller Identification (CID). Fake CID can be used by hackers to trick receivers and obtain valuable materials. Existing solutions have a number of faults, including the use of more network resources, the use of insufficient data to identify fake CID, and high call setup delay for caller and callee during the validation process. This work presents an algorithm to enhance SIP protocol security to mitigate the flaws of the previous solutions that are used to address CID spoofing. By using the Media Access Control (MAC) address, the algorithm can validate the CID and warn the callee for the fake CID. The algorithm was developed and tested by using Mininet, Python based open source OpenFlow (POX) controller, SIPp simulator, Linphone softphone, and freePBX. All faked CID were detected and receivers were alerted on the linphone screen. Session setup delay obtained are within the 15.1 ms to 27.3 ms, which are within the acceptable Quality of Service (QoS) ranges.
24
Najjar, Firas, Qusay Bsoul, and Hasan Al-Refai. "An Analysis of Neighbor Discovery Protocol Attacks." Computers 12, no. 6 (2023): 125. http://dx.doi.org/10.3390/computers12060125.
Full textAbstract:
Neighbor Discovery Protocol (NDP) is a network protocol used in IPv6 networks to manage communication between neighboring devices. NDP is responsible for mapping IPv6 addresses to MAC addresses and discovering the availability of neighboring devices on the network. The main risk of deploying NDP on public networks is the potential for hackers or attackers to launch various types of attacks, such as address spoofing attacks, denial-of-service attacks, and man-in-the-middle attacks. Although Secure Neighbor Discovery (SEND) is implemented to secure NDP, its complexity and cost hinder its widespread deployment. This research emphasizes the potential hazard of deploying IPv6 networks in public spaces, such as airports, without protecting NDP messages. These risks have the potential to crash the entire local network. To demonstrate these risks, the GNS3 testbed environment is used to generate NDP attacks and capture the resulting packets using Wireshark for analysis. The analysis results reveal that with just a few commands, attackers can execute various NDP attacks. This highlights the need to protect against the potential issues that come with deploying IPv6 on widely accessible public networks. In addition, the analysis result shows that NDP attacks have behavior that can be used to define various NDP attacks.
25
Hermanto, Dedy, and M. Syaiful Anam. "Implementasi Sistem Keamanan Hotspot Jaringan Menggunakan Metode OpenSSL (Secure Socket Layer)." Jurnal CoreIT: Jurnal Hasil Penelitian Ilmu Komputer dan Teknologi Informasi 6, no. 1 (2020): 57. http://dx.doi.org/10.24014/coreit.v6i1.8394.
Full textAbstract:
Keamanan jaringan wireless pada perangkat access point yang sering digunakan adalah metode WEP/WPA/WPA2. Hampir semua pengguna jaringan wireless rata-rata mengimplemetasikan perangkat access pointnya dengan menggunakan metode tersebut. Metode tersebut dikenal baik dalam hal kemampuan pengamanan security jaringan wireless tetapi metode WEP/WPA/ WPA2 masih bisa ditembus oleh aplikasi hacking dengan metode brute-force attack dan dictionary. Proses penelitian ini menggunakan metode action research, yang bertujuan untuk mengembangkan metode kerja yang paling efisien. Dimana akan dilakukan diagnosa, rencana tindakan, tindakan, evaluasi, dan pembelajaran. Salah satu solusi keamanan wireless hotspot adalah dengan menerapkan Metode SSL (Secure Socket Layer). Metode SSL (Secure Socket Layer) telah banyak digunakan untuk pengamanan website yang membutuhkan pengamanan tingkat tinggi seperti website perbankan, hosting, jual beli online dan sebagainya yang biasanya pada website tersebut menggunakan protocol HTTPS ( Hyper Text Transfer Protocol Secure). Proses pengujian yaitu sniffing, untuk membobol user dan password login dan konsep duplikasi mac address atau yang dikenal dengan nama ARP spoofing dalam pengujian keamanan jaringan wireless dengan metode Secure Socket Layer (SSL). Hasil yang diperoleh bahwa sistem ini dapat mengamankan jaringan hotspot internet dengan lebih aman dan tidak mudah untuk di tembus
26
Ariyadi, Tamsir, and M. Rizky Pohan. "Implementation of Penetration Testing Tools to Test Wi-Fi Security Levels at the Directorate of Innovation and Business Incubators." Jurnal Penelitian Pendidikan IPA 9, no. 12 (2023): 10768–75. http://dx.doi.org/10.29303/jppipa.v9i12.5551.
Full textAbstract:
Wi-Fi networks have become a critical infrastructure in many organisations, including the Directorate of Innovation and Business Incubator. However, potential vulnerabilities in Wi-Fi networks also increase as technology advances. Therefore, testing is needed to identify and address security that can harm network users. This research aims to implement penetration testing tools in testing the security level of Wi-Fi networks at the Directorate of Innovation and Business Incubator. The penetration testing method is used to test security and assess the level of resistance to attacks on Wi-Fi in the form of simulated attacks. One of the operating systems that provides penetration testing tools that meet the needs of testing is linux times. The tools used in the penetration testing process are airmon-ng, airodump-ng, aireplay-ng, aircrack-ng, macchanger, ettercap and wireshark. The results showed that the Wi-Fi security of the Directorate of Innovation and Business Incubator still needs to be improved where the results of the four types of attacks only one failed, namely MAC Spoofing. In addition, the tests on Denial of Service, Cracking the Encryption, and Man-in-the-Middle attacks were successful. The application of anticipation by increasing Wi-Fi security based on the attacks that have been carried out can prevent these attacks.
27
Korolkov, Roman. "AN ATTACK SCENARIO USING A ROGUE ACCESS POINT IN IEEE 802.11 NETWORKS." Cybersecurity: Education, Science, Technique 3, no. 11 (2021): 144–54. http://dx.doi.org/10.28925/2663-4023.2021.11.144154.
Full textAbstract:
One of the most serious security threats to wireless local area networks (WLANs) in recent years is rogue access points that intruders use to spy on and attack. Due to the open nature of the wireless transmission medium, an attacker can easily detect the MAC addresses of other devices, commonly used as unique identifiers for all nodes in the network, and implement a spoofing attack, creating a rogue access point, the so-called "Evil Twin". The attacker goal is to connect legitimate users to a rogue access point and gain access to confidential information. This article discusses the concept, demonstrates the practical implementation and analysis of the “Evil Twin” attack. The algorithm of the intruder's actions, the scenario of attack on the client, and also procedure for setting up the program-implemented rogue access point is shown. It has been proven that the implementation of the attack is possible due to the existence of several access points with the same service set identifier and MAC address in the same area, allowed by 802.11 standard. The reasons for failure operation of the network and possible interception of information as a result of the attack are identified, methods of detecting rogue access points are analyzed. During the experiment, observations of the 802.11 frames showed that there were deviations in the behavior of beacon frames at the time of the "Evil Twin" attack. First, the number of beacon frames coming from the access point which succumbed to the attack is increasing. Secondly, the traffic analyzer detected significant fluctuations in the values of the received signal level, which simultaneously come from a legitimate and rogue access point, which allows to distinguish two groups of beacon frames. The "Evil Twin" attack was implemented and researched using Aircrack-ng – a package of software for auditing wireless networks, and Wireshark – network traffic analyzer. In the future, the results obtained can be used to improve methods of protection against intrusion into wireless networks, in order to develop effective systems for detecting and preventing intrusions into WLAN.
28
Dr., Harish Joshi, Ashok Bawge Prof., Uzma Kausar Prof., Rishikesh, Pratiksha, and Hinn Benny. "Mitigating ARP Poisoning Via Modified ICMP and Voting Mechanism." Journal of Research in Electrical Power System 1, no. 2 (2025): 8–16. https://doi.org/10.5281/zenodo.15573683.
Full textAbstract:
<em>Address Resolution Protocol (ARP) poisoning is a key vulnerability exploited in advanced LAN attacks, such as Denial- of-Service (DoS) and Man-in-the-Middle (MITM) attacks. The stateless nature of ARP weakens network security, especially in Ethernet environments. To detect such threats, the proposed method involves monitoring network traffic through a Central Server (CS), which then sends a trap ICMP ping packet and analyzes the response to identify malicious activity. For prevention, a voting-based mechanism is used to select a trustworthy CS. By validating and correcting <IP, MAC> pair entries in hosts' cache tables, the CS effectively mitigates ARP poisoning while preserving system performance. This technique relies on ICMP and voting, offering backward compatibility, low cost, minimal traffic overhead, and easy deployment providing a robust solution to detect and prevent MITM-based ARP poisoning while addressing ARP’s inherent weaknesses.</em>
29
Pramod, A. V., Md Abdul Azeem, and M. Om Prakash. "Detecting the Sybil Attack in Wireless Sensor Network :Survey." INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY 3, no. 1 (2012): 158–61. http://dx.doi.org/10.24297/ijct.v3i1c.2770.
Full textAbstract:
Mobility is frequently a problem for providing security services in ad hoc networks. In this paper, we render that mobility can alsobe used to enhance security. Specifically, we render that nodes which are in  passively monitor traffic in the network can able to detect a Sybil attacker which uses a number of network identities simultaneously. We can do through simulation that this detection can be done by a single node, or multiple trusted nodes can join to improve the accuracy of detection. We then show that although the detection mechanism will falsely identify groups of nodes traveling together as a Sybil attacker, we can extend the protocol to monitor collisions at the MAC level to differentiate between a single attacker spoofing many addresses and a group of nodes traveling in close proximity.
30
Girdler, Thomas, and Vassilios G. Vassilakis. "Implementing an intrusion detection and prevention system using Software-Defined Networking: Defending against ARP spoofing attacks and Blacklisted MAC Addresses." Computers & Electrical Engineering 90 (March 2021): 106990. http://dx.doi.org/10.1016/j.compeleceng.2021.106990.
Full text
31
Partyka, Olha, Bohdan Fihol, and Taras Nakonechnyi. "INTEGRATED APPROACH TO DETECTING BLUETOOTH THREATS USING WIRESHARK AND SPLUNK SIEM." Cybersecurity: Education, Science, Technique 2, no. 26 (2024): 223–34. https://doi.org/10.28925/2663-4023.2024.26.684.
Full textAbstract:
In the modern world, the Bluetooth protocol is one of the most widespread wireless communication technologies used to transfer data between various devices, ensuring their mobility and functionality. Despite its numerous advantages, the Bluetooth protocol remains vulnerable to cyber threats such as DoS attacks, spoofing, and malicious file transfer. These threats pose risks to data confidentiality, integrity, and availability. They can also lead to device failures and hazards in critical systems such as medical equipment or IoT infrastructure. This article focuses on an integrated approach to Bluetooth security monitoring that combines the capabilities of Wireshark and Splunk SIEM. The attacker’s platform is based on the Kali Linux operating system, known for its comprehensive capabilities for implementing penetration tests and attack simulations, while the victim’s platform was running Windows 11, a modern operating system widely used in various environments. The main types of attacks analyzed are DoS attacks that cause denial of service due to system overload, spoofing attacks, which allow attackers to disguise their devices as legitimate, and transferring malicious files, which can lead to malicious code. For each type of attack, the corresponding Splunk SIEM correlation rules were developed and configured, which made it possible to automate the process of identifying suspicious activities. Wireshark was used for deep analysis of Bluetooth traffic, and Splunk provided prompt notification of anomalies, allowing a quick response to potential threats. The results of the experiment confirm the effectiveness of the proposed approach. For example, in the case of DoS attacks, a significant excess of L2CAP protocol packets was detected, making it possible to identify the source of the threat promptly. For spoofing attacks, rules for identifying unusual MAC addresses were used, and for the transfer of malicious files, data was filtered by specific criteria, such as file type or sender.
32
Dr., Harish Joshi, Ashok Bawge Prof., Uzma Kausar Prof., Ladde Akash, Jadhav Rohan, and Dani Rajrajeshwari. "A Decentralized Security Strategy to Counter ARP Cache Poisoning Attacks." Advancement and Research in Instrumentation Engineering 8, no. 2 (2025): 6–12. https://doi.org/10.5281/zenodo.15542613.
Full textAbstract:
<em>The Address Resolution Protocol (ARP) plays a vital role in the Internet protocol suite, but it lacks built-in security features, particularly in verifying the legitimacy of ARP replies. This vulnerability allows attackers to inject fake ARP messages into a Local Area Network (LAN), thereby corrupting the ARP cache of targeted devices. Successful ARP spoofing can enable attackers to carry out man-in-the-middle (MITM) attacks intercepting or altering data or even launch denial-of-service (DoS) attacks. Therefore, identifying and preventing ARP cache poisoning is essential. While several studies have proposed methods to address this threat, our review of the existing literature indicates that most of these solutions are not sufficiently effective at detecting and mitigating the problem. In response, this paper introduces a distributed algorithm designed to quickly detect ARP cache poisoning, identify the compromised hosts involved in the attack, and neutralize the threat using the collected data. We developed a prototype implementation of this algorithm, referred to as an "agent," which is deployed on every host in the network. These agents work collaboratively to form a distributed security framework capable of detecting and countering ARP cache poisoning attacks in real time.</em>
33
Asija, Monika. "MAC Address." IRA-International Journal of Technology & Engineering (ISSN 2455-4480) 3, no. 1 (2016). http://dx.doi.org/10.21013/jte.v3.n1.p5.
Full textAbstract:
<p>Media Access Control (Mac) Address is 48-bit address which is permanently assigned to a network interface card (NIC) or wireless cards. This address is assigned by the manufacturer itself. Every host on a network has a mac address which helps those devices to communicate with other devices at layer-2 (Datalink Layer) of OSI- Model on the other hand IP address is a network address which allows a device to communicate with others on layer-3 of OSI- Model (Network Layer) on a network. A Mac Address is also named as physical address of an Interface.</p><p>Mac Address Spoofing is an activity which is performed to change the Mac Address of a machine. It may be done by authorised or unauthorised persons to access the network or resources. These kind of activities are performed by hackers also who changes the mac address of their pc/ laptop so that their machine can be treated as the authorised machine in that network.(Cardenas, 2003)(MAC address spoofing, 2012)</p>
34
Kemal, Bicakci, and Uzunay Yusuf. "Pushing the Limits of Address Based Authentication: How to Avoid MAC Address Spoofing in Wireless LANs." June 26, 2008. https://doi.org/10.5281/zenodo.1085637.
Full textAbstract:
It is well-known that in wireless local area networks, authenticating nodes by their MAC addresses is not secure since it is very easy for an attacker to learn one of the authorized addresses and change his MAC address accordingly. In this paper, in order to prevent MAC address spoofing attacks, we propose to use dynamically changing MAC addresses and make each address usable for only one session. The scheme we propose does not require any change in 802.11 protocols and incurs only a small performance overhead. One of the nice features of our new scheme is that no third party can link different communication sessions of the same user by monitoring MAC addresses therefore our scheme is preferable also with respect to user privacy.
35
Kemal, Bicakci, and Uzunay Yusuf. "Pushing the Limits of Address Based Authentication: How to Avoid MAC Address Spoofing in Wireless LANs." International Journal of Electrical, Electronic and Communication Sciences 1.0, no. 6 (2008). https://doi.org/10.5281/zenodo.1335456.
Full textAbstract:
It is well-known that in wireless local area networks, authenticating nodes by their MAC addresses is not secure since it is very easy for an attacker to learn one of the authorized addresses and change his MAC address accordingly. In this paper, in order to prevent MAC address spoofing attacks, we propose to use dynamically changing MAC addresses and make each address usable for only one session. The scheme we propose does not require any change in 802.11 protocols and incurs only a small performance overhead. One of the nice features of our new scheme is that no third party can link different communication sessions of the same user by monitoring MAC addresses therefore our scheme is preferable also with respect to user privacy.
36
"Implementation of ARP Spoofing for IOT Devices Using Cryptography AES and ECDSA Algorithms." International Journal of Recent Technology and Engineering 8, no. 2S11 (2019): 2889–93. http://dx.doi.org/10.35940/ijrte.b1363.0982s1119.
Full textAbstract:
The Internet of Things is the network of numerous devices and communicate with an internet by using the IP address. The IOT objects shares the information using wireless connection. During the data transmission, that can be distorted by the Hackers by knowing their IP address. In IOT (Internet of Things), the wireless communication between the devices makes the users to be vulnerable. So, the hackers may spoof the MAC address of the communicating devices. The receiver MAC address is identified and then false MAC (Media Access Control) address is created by the hacker. Then, attackers replaces the original MAC address in the ARP (Address Resolution Protocol) table of the sender. So,the hackers may impersonate like the sender. Therefore, Cryptographic algorithms like AES (Advanced Encryption Standard) for confidentiality and ECDSA (Elliptic Curve Digital Signature Algorithm) for Authentication are applied in the proposed algorithm to safeguard the data as well as the devices from the hackers. The following attacks such as Man-in-the-Middle, Denial -of -Service (DOS) and ARP spoofing are strongly prevented in the proposed algorithm. Thus, the implementation of an algorithm is carried out in Ubuntu Linux environment with installing Python dependencies. This algorithm affords an efficient way to thwart ARP (Address Resolution Protocol) spoofing by the hackers for IOT devices.
37
Ferdous, A. Barbhuiya, Biswas Santosh, and Nandi Sukumar. "AN ACTIVE HOST-BASED INTRUSION DETECTION SYSTEM FOR ARP-RELATED ATTACKS AND ITS VERIFICATION." May 31, 2011. https://doi.org/10.5121/ijnsa.2011.3311.
Full textAbstract:
Spoofing with falsified IP-MAC pair is the first step in most of the LAN based-attacks. Address Resolution Protocol (ARP) is stateless, which is the main cause that makes spoofing possible. Several network level and host level mechanisms have been proposed to detect and mitigate ARP spoofing but each of them has their own drawback. In this paper we propose a Host-based Intrusion Detection system for LAN attacks, which works without any extra constraint like static IP-MAC, modifying ARP etc. The proposed scheme is verified under all possible attack scenarios. The scheme is successfully validated in a test bed with various attack scenarios and the results show the effectiveness of the proposed technique.
38
Song, Guangjia, Jianhua Hu, and Hui Wang. "A novel frame switching model based on virtual MAC in SDN." International Journal of Information Security, March 8, 2023. http://dx.doi.org/10.1007/s10207-022-00659-7.
Full textAbstract:
AbstractMAC address spoofing has plagued LAN communication for a long time. Many attacks use it as a springboard to carry out subsequent attacks. The main reason for this kind of attack is the exposure of MAC address. If the source MAC address of the node can be hidden during frame forwarding, this kind of attack can be effectively prevented. This study proposes virtual MAC switching (VMS) as a solution to this problem. VMS uses multi-address hopping technology to make the MAC address of the frame change continuously in the forwarding process. Its unique address generation format makes other nodes unable to record or speculate the real MAC address of the node, so it cannot launch an attack. Experiments show that VMS is close to typical SDN switches in terms of delay, throughput, and overhead and has a higher security level.
39
Vajrobol, Vajratiya, Geetika Jain Saxena, Amit Pundir, et al. "Identify spoofing attacks in Internet of Things (IoT) environments using machine learning algorithms." Journal of High Speed Networks, December 10, 2024. https://doi.org/10.1177/09266801241295886.
Full textAbstract:
With the growing adoption of Internet of Things (IoT) devices, security concerns are becoming increasingly urgent. Protecting IoT systems from cyberattacks is crucial to safeguard sensitive information. Spoofing, particularly Domain Name System (DNS) and Address Resolution Protocol (ARP) spoofing, is a type of attack that can manipulate network traffic and compromise data integrity. DNS spoofing redirects users to fraudulent websites by altering domain name resolutions, while ARP spoofing tricks the network by associating a legitimate internet protocol address with a malicious MAC address, allowing attackers to intercept or modify communication. This study aims to develop an efficient method for detecting these types of spoofing attacks in IoT environments using machine learning techniques. The results show that the random forest algorithm outperforms other models, achieving remarkable performance with a 95.1% accuracy, a precision score of 95.2%, and a strong F1 score of 95.1%. A key contribution of this research is the simultaneous detection of both DNS and ARP spoofing within a unified framework, utilizing a comprehensive set of 46 features. These findings underscore the importance of ensuring robust protection against spoofing attacks to maintain the security and integrity of IoT systems.
40
Hiba, Imad Nasser, and Abdulridha Hussain Mohammed. "Provably curb man-in-the-middle attack-based ARP spoofing in a local network." August 1, 2022. https://doi.org/10.11591/eei.v11i4.3810.
Full textAbstract:
Even today, internet users” data security remains a significant concern. One problem is ARP poisoning, otherwise referred to as ARP spoofing. Such attacks are intended to exploit the identified ARP protocol vulnerability. Despite no straightforward remedy for ARP spoofing being apparent, certain actions may be taken to maintain one”s safety. The most basic and common defence against a poisoning attack is manually adding MAC and IP addresses to the static ARP cache table. However, this solution is ineffective for large networks where static entries require considerable time and effort to maintain, whether by human input or via special tools and settings for the static entries of network devices. Accordingly, this paper aimed to monitor network packet information and detect the behaviour of ARP poison attacks on operating systems, for instance Windows and Linux. The discovery and defence policy systematically and periodically check the MAC addresses in the ARP table, enabling alerts to be issued if a duplicate entry is detected. This enables the poison-IP address to be blocked before a reply is sent. Finally, the results showed that the superiority was successfully achieved in the detection, prevention and reporting mechanisms in the real-world environment.
41
"Detection and Prevention of De-authentication Attack in Real-time Scenario." VOLUME-8 ISSUE-10, AUGUST 2019, REGULAR ISSUE 8, no. 10 (2019): 3324–30. http://dx.doi.org/10.35940/ijitee.j1217.0881019.
Full textAbstract:
Wireless Local Area Network (WLAN) is an infrastructure network in which nodes are connected to a centralized system to provide Internet access to mobile users by radio waves. But WLANs are vulnerable to Medium Access Control (MAC) layer Denial of Service (DoS) attacks due to the susceptibility of the management frames. An attacker can spoof the MAC address of the legitimate client and perform de-authentication attack to disconnect WLANs users from the access point. Many free tools are available in Kali Linux Operating System (OS) by which this attack can be performed and cause a security threat to WLAN users. The consequences of de-authentication DoS attack are frequent disconnection from Internet, traffic redirection, man-in-the-middle attack, and congestion. Despite enormous efforts in combating de-authentication DoS attack in the past decade, this attack is still a serious threat to the security of the cyber world. Medium Access Control Spoof Detection and Prevention (MAC SDP) DoS algorithm performs detection and prevention of de-authentication attack caused by spoofing MAC address. This algorithm is modified to make it more immune to the de-authentication attack and implemented in real-time scenario. The results show that the proposed technique increases the packet flow rate by 20.36%, reduces the packet loss by 95.71%, and reduces the down time and recovery time by 0.39 sec and 0.9 sec respectively as compared to MAC SDP DoS algorithm.
42
Mammadov, M., U. Safarova, T. Mammadli, E. Hacili, G. Ibrahimova, and T. Taghiyeva. "ANALYSIS OF ARP-SPOOFING ATTACK DETECTION METHODS IN THE NETWORK." Norwegian Journal of development of the International Science 142 (October 12, 2024). https://doi.org/10.5281/zenodo.13930713.
Full textAbstract:
<strong>Abstract</strong> In the era of widespread use of modern computer networks, one of the most important tasks in the infrastructure of a private enterprise is to ensure the security of its computer network. To date, network attacks, especially ARP-spoofing, are particularly relevant. Due to the comprehensive and extensive functionality of modern network systems, it is difficult to detect these types of attacks, and due to the ease of their implementation, these network attacks are considered one of the most dangerous attacks. This article describes the description and detection method of ARP-spoofing attack.
43
"Cloud Security: Inter-Host Docker Container Communication using Vault Dynamic Secrets." International Journal of Innovative Technology and Exploring Engineering 9, no. 2S (2019): 395–401. http://dx.doi.org/10.35940/ijitee.b1035.1292s19.
Full textAbstract:
In this paper we attempt to address Inter-Host Docker container communications security issues by incorporating a latest approach provided by Vault Hashicorp dynamic secret mechanism for managing SSH keys and server credentials. A simulation environment is prepared for Inter-Host container communication consisting of one host running locally and the peer host running as an AWS EC2 instance in cloud. Industry standard monitoring tool Grafana is used in the simulation environment to highlight the security impacts for any organization. We also draw special attention to some of the security vulnerabilities in docker container like ARP spoofing, Integrity of the docker host and containers and MAC flooding attacks. We try to list some best practices to be followed when using docker containers in any production deployments.
44
Abbas, Sara Adel, and Eman Mohamed El-Didamony. "Reduction of secondary lobes in joint angle and delay estimation in angle of arrival localization to detect MAC address spoofing in wireless networks." International Journal of Communication Networks and Information Security (IJCNIS) 12, no. 1 (2022). http://dx.doi.org/10.17762/ijcnis.v12i1.4353.
Full textAbstract:
in this paper, we solve the problem of secondary lobes that are due to noise that comes from constructive and destructive multipath interference that are resulted in received signal strength (RSS) variation over time. This is to develop a very efficient localization algorithm that uses a unique fingerprint angle of arrivals (AOAs), in a specified range, with associated time delays (TDs), in the surrounded sparsity design promoting multipath parameter (i.e:RSS). We solve this problem to detect physical identity spoofing of nodes in radio wireless networks, and localize adversaries and jammers of wireless networks. All radio waves are vulnerable to many types of attacks due to the ability to capture them and sniff or eavesdropping on them in the open space. Physical identity spoofing is used to launch many types of attacks against wireless networks like Denial of Service (DOS), Man-In-The-Middle and Session Hijacking and eavesdropping. Eavesdropping is a human-based social engineering attack. Active adversaries are able to jam and eavesdrop simultaneously, while passive adversaries can only eavesdrop on passed signals. In TCP/IP protocol for example, Media Access Card (MAC) Address is transferred in 802.11 frames. Detection process was carried out by analyzing electromagnetic radio waves that are used to transfer data, in the form of radio wave signals that are formed by the modulation process which mixes the electromagnetic wave, with another one of different frequency or amplitude to produce the signal with a specified pattern of frequency and amplitude. We depended on the angle of arrival of vectors and time delay across scattered areas in the surrounded space to solve the problem of co-location in detection and localization of jammers. We used Maximum Likelihood (ML) angle of arrival determination because ML approaches, known to their higher accuracy and enhanced resolution capabilities. And we assessed their computational complexity that was considered as the major drawback for designers to their implementation in practice. Our solution was tested on a jammer that changed the signal strength of received signal at the receiver at an angle of arrival 30 degree. And we used scatterers density to determine the angle of arrival of the sender. The simulation has observed that the power of the received signal has changed from the range of angles 20 to 40 degrees. We used scatterers because they describe the density of the signal power, and also enhance the signal to noise ratio, that resulted from the multipath fading of the signal strength. And also overcoming the problem of secondary lobes that are due to signal propagation, while determining the angle of arrival of a signal sender. So, we developed a new passive technique to detect MAC address spoofing based on angle of arrival localization. And assessed the computation complexity of the localization technique through depending on a range angle to estimate the angle of arrival of the adversary within it. And we reduced number of secondary lobes, and their peaks, in the importance function, while determining the angle of arrival, and so increasing the accuracy of angle of arrival measurement. We compared our work to other techniques and find that our technique is better than these techniques.
45
ElShafee, Ahmed, and Walid El-Shafai. "Design and analysis of data link impersonation attack for wired LAN application layer services." Journal of Ambient Intelligence and Humanized Computing, April 2, 2022. http://dx.doi.org/10.1007/s12652-022-03800-5.
Full textAbstract:
AbstractImpersonation attack, also known as MAC spoofing, is widespread in wireless local area networks. Under this attack, the senders cannot control the device that listens to their traffic. On the other hand, the physical layer of the wired local area network is more secure, where the traffic is transmitted through cables and network nodes to the intended receivers. Each network node builds its MAC address table, which states stations that are physically connected (directly or indirectly) to each port, so traffic encryption is an unnecessary process. This paper discusses the design and testing of a new attack called a data link impersonation attack. In this attack, the attacker is considered a hardware intruder that deceives data link layer apparatus like the switches of layer two or three, taking advantage of a vulnerability in the MAC address table of the network nodes. That leads the network switches to send all the network traffic to the intruder instead of the real network device (usually a network service provider under attack). Intruder accepts all incoming requests/traffic from the service requester. If the intruder does not reply to the received requests sent by service requesters, it acts as a black hole intruder, simply causing a denial-of-service attack. If an intruder responds to these requests with fake replies to steal information from service requesters, it acts as a white hole intruder. During the attack, the intruder is transparent for the whole network and does not affect overall network performance and generally the network services, so it is so hard to be discovered by the network software running the network apparatus. Different scenarios were tested using different network simulators and physical networks (CISCO L2/L3 switches). It is demonstrated that the attacker is successfully denied the service/application under attack. The proposed attack reveals the new vulnerability of the wired local area network and opens the door for network scientists to enhance network software that runs the network apparatus immune against the proposed attack.
46
Ammar, Rayes. "Advanced Security Management in Metro Ethernet Networks." January 31, 2010. https://doi.org/10.5281/zenodo.1255892.
Full textAbstract:
With the rapid increase in bandwidth and the introduction of advanced IP services including voice, high-speed internet access, and video/IPTV, consumers are more vulnerable to malicious users than ever. In recent years, roviding safe and sound networks and services have been the zenith priority for service providers and network carriers alike. Users are hesitant to subscribe to new services unless service providers guarantee secure connections. More importantly, government agencies of many countries have introduced legislations requiring service providers to keep track and records of owners of IP and MAC addresses at all time. In this paper, we first present an overview of Metro Ethernet (or Ethernet-To-The-Home/Business (ETTx)) and compare with various IP broadband access technologies including DSL, wireless and cable. We then outline major security concerns for Metro Ethernet networks including network and subscriber/end user security. Next we introduce state-of-the-art algorithms to prevent attackers from stealing any IP or MAC addresses. Our proposal is to use network management in conjunction with hardware features for security management to provide a secure and spoofing-free ETTx network. The key idea behind our proposal is to utilize network management to enforce strict (port, MAC, IP) binding in the access network to provide subscriber security. The paper then proposes an adaptive policy-based security controller to quickly identify suspected malicious users, temporarily isolate them without disconnecting them from the network or validating their contracts, and then carry the required analysis. The proposed controller identifies malicious users without compromising between accurate but lengthy traffic analysis and premature decision. It also provides the ability to make granular corrective actions that are adaptive to any defined network condition.
47
Najat, Tissir, Aboutabit Noureddine, and El Kafhali Said. "Detection and prevention of Man-in-The-Middle attack in cloud computing using Openstack." February 1, 2025. https://doi.org/10.11591/eei.v14i1.8103.
Full textAbstract:
This paper proposes a new technique designed to prevent and detect address resolution protocol (ARP) spoofing attacks in general, and specifically Manin-the-Middle (MitM) attacks, within the context of cloud computing. The solution focuses on establishing appropriate flow filtering rules based on parameters such as 'time feature' and internet control message protocol '(ICMP) protocol'. The tests were conducted using the Openstack platform. One of the key benefits of this proposed approach is the improved performance in effectively detecting a significant number of malicious packets. We implemented this solution on the Openstack platform and conducted evaluations to demonstrate its efficacy. The results confirm that our method achieves superior performance in detecting MitM attacks, with a packet detection ratio (PDR) of 60.4%. Moving forward, this work will contribute to protecting cloud environments from a large number of MitM attacks.