Page 13 - 2023-Vol19-Issue2
P. 13
9| Nasser & Hussain
possibility of security incidents. ARP (Address Resolution works or hardware. It also doesn’t change the protocol. As
Protocol)have been known to have flaws since 1982, but ARP a result, it’s cheap and doesn’t overburden the system or net-
spoofing is still being used to cause damage today, nearly 40 work.
years later[9].
[4] Consider all ARP assaults; periodically check the ARP
Although many studies of these security threats have been cache table, and maintain an encrypted blacklist of all po-
conducted long, expensive equipment is required, so it is in- tential attackers so our proposal resists DOS, impersonation,
stalled and operated only in a particular organization, static reply, and inside attacks.
table creation and management [10]. The current network
system’s implementation was either impossible or limited. [5] A technique of customizing the device’s dynamic ta-
Therefore, this paper describes the process of an ARP poison- bles and entries without respect for the router’s capabilities.
ing attack and then suggests a way to defend against it. That
is, an ARP poisoning attack changes the ARP cache table This paper details a basic client-side ARP spoofing detec-
information by repeatedly sending an abnormal ARP response tion and prevention approach. The algorithm filters packets
packet to the target of the attack. before issuing ARP requests or replies. Furthermore, it offers
a defensive method that does not require network protocol up-
During this process, The ARP request packet is being mon- grades or costly equipment. Verifying MAC and IP addresses
itored [11]. An ARP poisoning attack is found and stopped by before sending or receiving packets prevents ARP spoofing.
analyzing and validating the information in the request packet Moreover, it enables safe and rapid authentication and main-
before sending responses[12]. tains data and users’ confidentiality, integrity, and anonymity
via efficient encryption algorithms. Its efficacy seems to be
Problems statement equivalent to that of other methods. The sections are given in
the following order: Section 2 examines the relevant literature.
Layer 2 connections are the most susceptible. Layer 2 The background should be clarified in Section 3. Section 4
protocols are risky since they don’t ensure a reliable IP-to- discusses the approach used. In Section 5, the results and
MAC connection. Layer 3 devices, like routers, link multiple testing of the proposed approach are discussed. Section 6:
subnets to allow nodes end-to-end Internet access; hence, Security Performance and Analysis Section 7 ends with a
their security is a primary consideration when putting up a summary and conclusion.
network.ARP translates IP to MAC addresses. ARP may be
used for spying and spoofing, but the protocol was created II. RELATED WORK
with security features to avoid such attacks. This section
shows ARP’s vulnerabilities[13]. Prabhadevi. B [14]GNS3, the Ettercap, and Wincap packet
analyzers are also described in this work. This architecture
• Stateless: ARP is a stateless protocol; thus, it sends uses IP-MAC table comparisons between Ethernet and ARP
reply packets even if it hasn’t done any ARP inquiries and headers, and incorrect entries are added to a spoofed database.
doesn’t verify packet validity. This allows the attacker to Every 10 minutes, the gateway gets messages to empty the
transmit bogus ARP reply packets to the victim using his cache, warn about cache poisoning, and add fake information
MAC address. to the fake list. New hosts need an updated ARP table. This
method uses phoney data to identify attacks. Still, since the
• No authentication: ARP depends on a secure LAN; list’s storage locations are unknown, the approach is subject
therefore, it’s impossible to determine whose host delivered to attack and wastes time because it doesn’t function with a
the ARP message. ARP spoof. real network.
• ARP cache table update: The ARP table will rapidly up- Hijazi et al.[15] The studies explored many ARP diffi-
date its cache of IP-to-MAC mappings when an ARP request culties and suggested ways for spotting and blocking these
or reply is received; however, the correctness of this informa- attacks. The recommended cure includes a static ARP table
tion is not validated. Reduces network traffic. Changing your entry technique, type comparison, IP-Mac-based input de-
IP address will clear the cache. tection, and preventive measures. For system security, the
IP-Mac address in ARP must match. So you can work, re-
Contributions to our proposed scheme to prevent ARP move the false IP-Mac. The proxy server uses the patch file
spoofing attacks:. to address and correct ARP security problems. This strategy
has been proven effective; it requires no additional resources
[1] Without using encryption, which could slow ARP, and provides essential solutions on a small network. This
the attack could still be found, and alerts were sent to the technique can add static ARP entries but not dynamic ones.
administrator about the attack scenario on time.
Majumdar et al.[16] The Python programming language
[2] Using packet filtering in conjunction with network was used to develop a tool for ARP poisoning and spoofing.
traffic monitoring to prevent ARP spoofing attacks without
negatively impacting the speed at which ARP request and
reply exchanges occur.
[3] The suggested solution doesn’t require any extra net-