ARP Cache Poisoning and Routing Loops in ad Hoc Networks

Abstract

This paper examines a new application of the well-known ARP spoofing (or ARP cache poisoning) attack. Traditionally, ARP spoofing has been applied in local area networks to allow an attacker to achieve a man-in-the-middle position against target hosts, or to implement a denial-of-service by routing messages to non-existent hardware addresses. In this paper, we introduce a variant of ARP spoofing unique to multi-hop ad hoc networks in which routing loops are created among target wireless hosts. The routing loops not only results in a denial-of-service against the targeted hosts, but creates a resource consumption attack, where the targets waste power and occupy the channel, precluding its use by legitimate traffic. The paper identifies the network topology pre-conditions under which routing loops are possible, and discusses how ARP spoof messages can be used to create routing loops of arbitrary size. We show experimental results of an implementation and provide suggestions as to how to prevent, detect, or mitigate the attack.