ARP spoofing

Abstract

ARP spoofing attack, one of the most important security topics, is usually taught in courses such as Intrusion Detection in Local Area Networks (LANs). In such a course, hands-on labs are very important as they facilitate students' learning on how to detect ARP spoofing using various types of security solutions, such as intrusion detection and prevention systems (IDS/IPS). The preparation of these hands-on labs are usually the task of Security Instructors who are required to select and use efficient security solutions for their hands-on experiments; the problem that presents itself is that most of these security instructors lack the sufficient hands-on experience and skills. For this reason and because of the diversity of the available security solutions, the security instructors are having much difficulty when selecting the adequate security solutions for their hands-on labs.This paper is a comparative study for educational purpose. It provides analysis based on practical experiments carried out on a number of security solutions regarding their ability to detect ARP spoofing. Our analysis provides means for security instructors to evaluate and select the appropriate security solutions for their hands-on labs. In addition, we clearly show that ARP spoofing has not been given enough attention by most tested security solutions, even though this attack presents a serious threat, is very harmful and more dangerously it is easy to conduct. As a solution, we propose the requirements for an ideal algorithm that can be used by security solutions to detect effectively any ARP spoofing attack.