ARP Poisoning Detection and Prevention using Scapy

Abstract

Address Resolution Protocol is a protocol associated with mapping a given IP address with the associated MAC address. ARP Poisoning or Spoofing attack is an attack which carried out over a Local Area Network. In an ARP Poisoning/Spoofing attack malicious ARP Packets are sent to a default gateway on LAN with intent to change the IP address-MAC address pairings in the ARP cache table. ARP Spoof attack tool has been developed with a script written in Python Programming language using scapy library. A detection algorithm has been proposed for detecting the above generated ARP Poisoning attack (or any ARP Poisoning attack in general) and implemented the same using a python script with scapy library. The detection algorithm is based on analyzing the real MAC Address and response MAC Address of the ARP Packet sniffed for any discrepancies. Lastly, a prevention mechanism is proposed and implemented for ARP Poisoning attacks by implementing static entries in ARP table.