Page 14 - 2023-Vol19-Issue2

10 |                                                               Nasser & Hussain

For attack detection, a Python script utilizing the Scapy module is used. After the contents of the request packet have been verified, an alert is sent if the original MAC does not match the reply MAC, and a static item is stored in a cache table as a security precaution. The proposed method does not permit dynamic entries. Rather than creating a script for spoofing, existing tools available in Kali Linux may be used to carry out the attacks and packet analysis.

Alsukkar et al. [17] suggest a few methods, one of which is using an application that alerts the user of an ARP spoofing attack by displaying the attacker's IP-MAC address to identify and defend against MITM assaults. Each network node's genuine MAC address and the results of a ping ICMP message are sent to the router for additional security. The ARP table is reverted to its previous configuration. The application is loaded on the administrator's and the users' computers. Additionally, the network configuration may attack and corrupt the ARP table. Both programmes proved valuable and workable, and they were both developed in Python for use only on the Linux platform. The proposed investigation into alternative OSes, however, has been ineffective. Sending packets to all devices per second causes a lot of network traffic.

Mahendra [18] improves the ARP table static input process by reducing the time-consuming manual entry methods and automatically evaluating the correctness of data entered into the static table. The strategy worked well by using the static record feature of some operating systems, such as Linux and Windows, to create a semi-static table for the cache. In a virtual network, packets are sent, and the validity of the responses is verified before they are added to the table using an ARPing tool. As a result, the suggested solution does not ensure the safety of all network users. Instead, it must give a white list of trustworthy IP-MAC addresses that may be used to evaluate the ARPing tool's ability to add to the static record.

Rupal et al. [19] explain how an authentication tool may also be used to identify and avoid ARP poisoning in a dynamic IP configuration. The primary ARP cache stores the authentication information for IP-MAC pairings, which is subsequently saved in a text file in the secondary ARP cache. One server sets up IP DHCP, another uses MySQL and a database to authenticate users, and the third server monitors for and prevents cache poisoning attacks. To detect and prevent attacks, all devices receive an ICMP broadcast request and reply message. If a device fails to transmit a response, its IP-MAC pair is deleted from the secondary and primary ARP caches. On the other hand, broadcasting requests make the system less useful because the network gets clogged up, the server has to be managed by authorized people, and only reliable storage facilities can be used.

III. BACKGROUND

A. Address Resolution Protocol

The Address Resolution Protocol (ARP) is one of the major protocols in the TCP/IP suite [20]. ARP aims to map an IPv4 address to a physical address. Network applications at the application layer use IPv4 addresses to communicate with other devices. But at the data link layer, the address is a MAC address permanently burned into the network card. ARP is used to determine the MAC address of the device on the LAN that holds the IPv4 address with which a network application is attempting to communicate [21].

In contrast, static mapping requires the creation of a database that connects a logical address with a physical address [22]. This table is saved on each network computer. Each device that knows the IP address but not the physical address of another device may look it up in the database. The static mapping table must be routinely updated when devices' MAC addresses change. This may impact network performance [23]. Dynamic mapping works differently. When a computer knows the logical address of another device, it may use a protocol to determine the device's physical address. Two protocols, ARP and Reverse ARP (RARP), have been created to accomplish dynamic mapping [24]. ARP converts logical addresses to physical addresses, whereas RARP converts physical addresses to logical addresses. Since the ARP protocol has been the focal point of this thesis, we shall confine our discussion to that protocol [24].

B. ARP Spoofing Attack

One kind of MITM attack is called ARP spoofing, and it involves an attacker sending fake ARP packets to a local area network [25]. The attack aims to have the attacker's network interface card (MAC) address matched to the IP address of another computer (such as the default gateway), redirecting all communication intended for the other machine to the attacker. If an attacker can fake an ARP, they may change network traffic or completely block it. Many additional attacks, including DoS attacks, MITM attacks, and session hijacking attacks, take advantage of this vulnerability [26].

ARP spoofing is an attack method that takes advantage of the fact that the integrity of an ARP message is not checked: it sends a fake ARP response packet to the target to falsify the MAC address mapping and disrupt normal operation [27].

ARP poisoning repeatedly sends abnormal ARP response packets to the target. Fig. 1 and Fig. 2 assume that Host (1) has the IP address '0.0.0.1' and the MAC address 'AA.AA', and that Host (2) has the IP address '0.0.0.2' and the MAC address 'CC.CC'. Fig. 1 shows the normal communication flow before the ARP spoofing attack occurs. When attempting to communicate from Host (1) to Host (2), a MAC address is required, and an ARP request message is sent in the Broadcasting method to locate
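The MAC-mismatch check described in the related work on this page (alert when the MAC in an ARP reply differs from the recorded one, with no dynamic entries allowed), sketched as an added example that is not code from the paper or from the cited works. It parses raw frames with the standard library instead of Scapy; the full-length MAC addresses, the `bb:bb:bb:bb:bb:bb` address and all function names are assumptions made for illustration.

```python
import struct

# Static IP-to-MAC table. Constructed values: the paper's 'AA.AA' / 'CC.CC' written out in full.
STATIC_TABLE = {"0.0.0.1": "aa:aa:aa:aa:aa:aa",   # Host (1)
                "0.0.0.2": "cc:cc:cc:cc:cc:cc"}   # Host (2)
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))

def ip_bytes(s):
    return bytes(int(p) for p in s.split("."))

def build_frame(oper, sha, spa, tha, tpa):
    """Build a constructed Ethernet + ARP frame in memory (sample input only)."""
    eth = struct.pack("!6s6sH", mac_bytes(tha), mac_bytes(sha), 0x0806)
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac_bytes(sha),
                             ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))

def parse_arp(frame):
    """Return (oper, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, mac_str(sha), ".".join(map(str, spa))

def check_reply(frame, table=STATIC_TABLE):
    """Return an alert string for a suspicious ARP reply, else None."""
    parsed = parse_arp(frame)
    if parsed is None or parsed[0] != 2:      # only replies (oper 2) are judged
        return None
    _, mac, ip = parsed
    expected = table.get(ip)
    if expected is None:                      # no dynamic entries: unknown IPs are refused
        return f"ALERT {ip} not in static table (claimed by {mac})"
    if mac != expected:                       # reply MAC differs from the recorded MAC
        return f"ALERT {ip} claimed by {mac}, expected {expected}"
    return None

# Constructed sample frames; bb:bb:bb:bb:bb:bb is a made-up third-party MAC.
HOST1 = STATIC_TABLE["0.0.0.1"]
GENUINE = build_frame(2, "cc:cc:cc:cc:cc:cc", "0.0.0.2", HOST1, "0.0.0.1")
FORGED = build_frame(2, "bb:bb:bb:bb:bb:bb", "0.0.0.2", HOST1, "0.0.0.1")
REQUEST = build_frame(1, HOST1, "0.0.0.1", "ff:ff:ff:ff:ff:ff", "0.0.0.2")

if __name__ == "__main__":
    for name, frame in (("genuine", GENUINE), ("forged", FORGED), ("request", REQUEST)):
        print(name, "->", check_reply(frame) or "ok")
```

Because the table is static, a legitimate MAC change (for example a replaced network card) also raises an alert until the table is updated, which is the maintenance cost the static-mapping discussion on this page points out.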