Page 14 - 2023-Vol19-Issue2
10 | Nasser & Hussain
For attack detection, a Python script utilizing the Scapy module is used. After the contents of the request packet have been verified, an alert is sent if the original MAC does not match the reply MAC, and a static item is stored in a cache table as a security precaution. The proposed method does not permit dynamic entries. Rather than creating a script for spoofing, existing tools may be used to carry out the Kali Linux attacks and packet analysis.

Alsukkar et al. [17]: The researchers suggest a few methods, one of which is using an application that alerts the user of an ARP spoofing attack by displaying the attacker's IP-MAC address to identify and defend against MITM attacks. Each network node's genuine MAC address and the results of a ping ICMP message are sent to the router for additional security. There has been a reversion to the previous ARP table configurations. The application is loaded on the administrator's and the users' computers. Additionally, the network configuration may attack and corrupt the ARP table. Both programmes proved valuable and workable, and they were both developed in Python for use only on the Linux platform. The proposed investigation into alternative OSes, however, has been ineffective. Sending packets to all devices per second causes a lot of network traffic.

Mahendra [18]: The researcher's method improves the ARP table static input process by reducing the time-consuming manual entry methods and automatically evaluating the correctness of data entered into the static table. The strategy worked well by using the static record feature of some operating systems, such as Linux and Windows, to create a semi-static table for the cache. In a virtual network, packets are sent, and the validity of the responses is verified before they are added to the table using an ARPing tool. As a result, the suggested solution does not ensure the safety of all network users. Instead, it must give a white list of trustworthy IP-MAC addresses that may be used to evaluate the ARPing tool's ability to add to the static record.

Rupal et al. [19]: This article explains how an authentication tool may also be used to identify and avoid ARP poisoning in a dynamic IP configuration. The primary ARP cache stores the authentication information for IP-MAC pairings, which is subsequently saved in a text file in the secondary ARP cache. One server sets up IP DHCP, another uses MySQL and a database to authenticate users, and the third server monitors for and prevents cache poisoning attacks. To detect and prevent attacks, all devices receive an ICMP broadcast request and reply message. Due to its failure to transmit a response, the IP-MAC is deleted from the secondary and primary ARP caches. On the other hand, broadcasting requests make the system less useful because the network gets clogged up, the server has to be managed by authorized people, and only reliable storage facilities can be used.

III. BACKGROUND

A. Address Resolution Protocol

The Address Resolution Protocol (ARP) is one of the major protocols in the TCP/IP suite [20]. ARP aims to map an IPv4 address to a physical address. Network applications at the application layer use IPv4 addresses to communicate with other devices. But at the data link layer, the address is a MAC address permanently burned into the network card. ARP is used to determine the MAC address of a device on your LAN as well as the corresponding IPv4 address with which a network application is attempting to communicate [21].

In contrast, static mapping requires the creation of a database that connects a logical address with a physical address [22]. This table is saved on each network computer. Each device that knows the IP address but not the physical address of another device may look it up in the database. The static mapping table must be routinely updated when devices' MAC addresses change. This may impact network performance [23]. Dynamic mapping works differently. When a computer knows the logical address of another device, it may use a protocol to determine the device's physical address. Two protocols, ARP and Reverse ARP (RARP), have been created to accomplish dynamic mapping [24]. ARP converts logical addresses to physical addresses, whereas RARP converts physical addresses to logical addresses. Since the ARP protocol has been the focal point of this thesis, we shall confine our discussion to that protocol [24].

B. ARP Spoofing Attack

One kind of MITM attack is called ARP spoofing, and it involves an attacker sending fake ARP packets to a local area network [25]. The attack aims to have the victim's network interface card (MAC) address matched to the IP address of another computer (such as the default gateway), redirecting all communication intended for the other machine to the attacker. If an attacker can fake an ARP, they may change network traffic or completely block it. Many additional attacks, including DoS attacks, MITM attacks, and session hijacking attacks, take advantage of this vulnerability [26].

ARP spoofing is an attack method that takes advantage of the fact that the integrity check of the ARP message is not guaranteed and sends a fake ARP response packet to the target to falsify the MAC address and stop normal operation [27].

ARP poisoning repeatedly sends abnormal ARP response packets to the target. Fig. 1 and Fig. 2 assume that the IP address of Host (1) is '0.0.0.1' and its MAC address is 'AA.AA', and the IP address of Host (2) is '0.0.0.2' and its MAC address is 'CC.CC'. Fig. 1 shows the normal communication flow before the ARP spoofing attack occurs. When attempting to communicate from Host (1) to Host (2), a MAC address is required, and an ARP request message is sent in the Broadcasting method to locate
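
The MAC-mismatch check against a static table, and the lack of any integrity check on ARP replies, can be shown on raw frames. This is an added example, not code from the paper or the works it cites; it uses only the Python standard library instead of Scapy, and the six-byte MACs (expanded from the figures' 'AA.AA' and 'CC.CC') and the `bb:bb:...` address are constructed assumptions.

```python
import socket
import struct

# Constructed static table: the page's Host (1)/(2), MACs expanded (assumption).
STATIC_TABLE = {"0.0.0.1": "aa:aa:aa:aa:aa:aa", "0.0.0.2": "cc:cc:cc:cc:cc:cc"}

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(eth_src, op, sha, spa, tha, tpa, eth_dst="ff:ff:ff:ff:ff:ff"):
    """Build a constructed Ethernet + ARP frame (sample input only)."""
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return (eth + arp + mac_bytes(sha) + socket.inet_aton(spa)
            + mac_bytes(tha) + socket.inet_aton(tpa))

def parse_arp(frame):
    """Return sender fields of an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    ethertype, htype, ptype, hlen, plen, op = struct.unpack("!HHHBBH", frame[12:22])
    if (ethertype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac_str(frame[6:12]), "op": op,
            "sha": mac_str(frame[22:28]), "spa": socket.inet_ntoa(frame[28:32])}

def check_frame(frame, table=STATIC_TABLE):
    """Return alert strings for one frame; an empty list means no finding."""
    arp = parse_arp(frame)
    if arp is None:
        return []
    alerts = []
    # ARP has no integrity check, so compare the claim with trusted data.
    if arp["eth_src"] != arp["sha"]:
        alerts.append("header-mismatch")
    trusted = table.get(arp["spa"])
    if trusted is not None and trusted != arp["sha"]:
        alerts.append(f"binding-mismatch {arp['spa']}: got {arp['sha']}, expected {trusted}")
    return alerts

# Constructed samples: a genuine reply from Host (2) and a forged one for its IP.
GENUINE = build_frame("cc:cc:cc:cc:cc:cc", 2, "cc:cc:cc:cc:cc:cc", "0.0.0.2",
                      "aa:aa:aa:aa:aa:aa", "0.0.0.1", eth_dst="aa:aa:aa:aa:aa:aa")
FORGED = build_frame("bb:bb:bb:bb:bb:bb", 2, "bb:bb:bb:bb:bb:bb", "0.0.0.2",
                     "aa:aa:aa:aa:aa:aa", "0.0.0.1", eth_dst="aa:aa:aa:aa:aa:aa")

if __name__ == "__main__":
    for name, frame in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, check_frame(frame) or "ok")
```

The binding check only covers IP addresses present in the static table; a reply for an unlisted address passes unless its Ethernet source and ARP sender fields disagree.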