A framework to mitigate ARP sniffing attacks by cache poisoning

Abstract

Today in the digital era of computing, most of the network attacks are caused by sniffing the sensitive data over the network. Among various types of sniffing attacks, ARP sniffing causes most of the LAN attacks (wired and wireless LAN coexist). ARP sniffing causes poisoning of ARP cache or spoofing. Through ARP sniffing, the attacker tries to know the (IP, MAC) pair of victim's system available in ARP table or ARP request-reply packet passed over the network and either exploits victim's resources or creates a situation to deny victim's services for its legitimate users. This in-turn causes MITM, DoS or DDoS attacks. The major cause for these attacks is lack of effective authentication mechanisms with ARP or RARP protocols used for address resolution. This paper provides the working principle of ARP protocol and a method to mitigate the attacks caused by ARP cache poisoning. The proposed framework compares the IP-MAC pair in the ARP and Ethernet headers and if any fake entry is suspected, the information is updated in the fake list and a message is sent to the gateway or router to alert it from cache poisoning attacks.