Open Access Open Access  Restricted Access Subscription Access

Mitigating ARP Poisoning Via Modified ICMP and Voting Mechanism

Dr. Harish Joshi, Prof. Ashok Bawge, Prof. Uzma Kausar, Rishikesh ., Pratiksha ., Benny Hinn

Abstract


Address Resolution Protocol (ARP) poisoning is a key vulnerability exploited in advanced LAN attacks, such as Denial- of-Service (DoS) and Man-in-the-Middle (MITM) attacks. The stateless nature of ARP weakens network security, especially in Ethernet environments. To detect such threats, the proposed method involves monitoring network traffic through a Central Server (CS), which then sends a trap ICMP ping packet and analyzes the response to identify malicious activity. For prevention, a voting-based mechanism is used to select a trustworthy CS. By validating and correcting <IP, MAC> pair entries in hosts' cache tables, the CS effectively mitigates ARP poisoning while preserving system performance. This technique relies on ICMP and voting, offering backward compatibility, low cost, minimal traffic overhead, and easy deployment—providing a robust solution to detect and prevent MITM-based ARP poisoning while addressing ARP’s inherent weaknesses.


Full Text:

PDF

References


Plummer, "An Ethernet Address Resolution Protocol," RFC 826, 1982.

Callegati, W. Cerroni, and M. Ramilli, "Man-in- the-Middle Attack on HTTPS," IEEE Security & Privacy, Vol. 7, No. 1, 2009, pp. 78-81.

Bellovin, "Security Issues in the TCP/IP Protocol Suite," ACM SIGCOMM'89, Vol. 19, pp. 32-48.

ICMP Redirect Messages – Available at: Embedded Linux.

Teterin, "Antidote," 2002 – Available at: Security Focus. and Wireless LANs," EURASIP Journal on Wireless Communications and Networking, Vol. 2012, No. 1,pp. 1-17.

Barnaba, "Anticap," 2003 – Available at: AntiFork.

Jinhua and X. Kejian, "ARP Spoofing Detection Using ICMP Protocol," IEEE International Conference on Computer Communication and Informatics (ICCCI’13), 2013, pp. 1-6.

Cisco Headquarters, "Cisco Security Appliance Command Line Configuration Guide," 2005.

Hou, Z. Jiang, and X. Tian, "Detection and Prevention of ARP Spoofing Using SNORT," IEEE International Conference on Computer Application and System Modeling (ICCASM’10), Vol. 5, pp. V5-137.

Lootah, W. Enck, and P. McDaniel, "TARP: Ticket-Based Address Resolution Protocol," IEEE Computer Society, Vol. 51, No. 15, 2007, pp. 4322-4337.


Refbacks

  • There are currently no refbacks.