Detection and prevention of ARP cache poisoning

Abstract

Address Resolution Protocol (ARP) is a protocol having simple architecture and have been in use since the advent of Open System Interconnection (OSI) network architecture. Its been working at network layer for the important dynamic conversion of network address i.e. Internet Protocol (IP) address to physical address or Media Access Control (MAC) address. Earlier it was sufficiently providing its services but in today‟s complex and more sophisticated unreliable network, security being one major issue, standard ARP protocol is vulnerable to many different kinds of attacks. These attacks lead to devastating loss of important information. With certain loopholes it has become easy to be attacked and with not so reliable security mechanism, confidentiality of data is being compromised. Therefore, a strong need is felt to harden the security system. Since, LAN is used in maximum organizations to get the different computer connected. So, an attempt has been made to enhance the working of ARP protocol to work in a more secure way. Any kind of attempts to poison the ARP cache (it maintains the corresponding IP and MAC address associations in the LAN network) for redirecting the data to unreliable host, are prevented beforehand. New modified techniques are proposed which could efficiently guard our ARP from attacker and protect critical data from being sniffed both internally and externally. Efficiency of these methods has been shown mathematically without any major impact on the performance of network. Main idea behind how these methods actually work and proceed to achieve its task has been explained with the help of flow chart and pseudo codes. With the help of different tools ARP cache is being monitored regularly and if any malicious activity is encountered, it is intimidated to the administrator immediately. So, in this thesis underlying problem has been analyzed and a solution to detect and prevent ARP poisoning efficiently has been provided.