JIS  Vol.1 No.2 , October 2010
Denial of Service Due to Direct and Indirect ARP Storm Attacks in LAN Environment
ABSTRACT
ARP-based Distributed Denial of Service (DDoS) attacks due to ARP-storms can happen in local area networks where many computer systems are infected by worms such as Code Red or by DDoS agents. In ARP attack, the DDoS agents constantly send a barrage of ARP requests to the gateway, or to a victim computer within the same sub-network, and tie up the resource of attacked gateway or host. In this paper, we set to measure the impact of ARP-attack on resource exhaustion of computers in a local area network. Based on attack experiments, we measure the exhaustion of processing and memory resources of a victim computer and also other computers, which are located on the same network as the victim computer. Interestingly enough, it is observed that an ARP-attack not only exhausts resource of the victim computer but also significantly exhausts processing resource of other non-victim computers, which happen to be located on the same local area network as the victim computer.

Cite this paper
S. Kumar and O. Gomez, "Denial of Service Due to Direct and Indirect ARP Storm Attacks in LAN Environment," Journal of Information Security, Vol. 1 No. 2, 2010, pp. 88-94. doi: 10.4236/jis.2010.12010.
References
[1]   L. Gerber, “Denial of Service Attacks Rip the Internet,” IEEE Computer, April 2000.

[2]   P. G. Neumann, “Denial-of-Service Attacks,” ACM Communications, Vol. 43. No. 4, April 2000, p. 136.

[3]   K. J. Houle and G. M. Weaver, “Trends in Denial of Service Attack Technology,” Computer Emergency Response Team (CERT)? Coordination Center, V1.0, October 2001.

[4]   Computer Emergency Response Team (CERT)? Advisory, “Home Network Security,” CA-2001-20. http://www.cert. org/tech_tips/home_networks.html

[5]   A. Householder, A. Manion, L. Pesante and G. M. Weaver, “Managing the Threat of Denial-of-Service Attacks,” CERT Coordination Center, October 2001.

[6]   CERT? Incident Note IN-2001-10, “Code-Red Worm Crashes IIS 4.0 Servers with URL Redirection Enabled,” CERT Coordination Center, August 2001. http://www. cert.org/incident_notes/IN-2001-10.html

[7]   Cisco Security Advisory, “Code-Red Worm—Customer Impact,” Document ID: 46345, Cisco Networks, July 2001, http://www.cisco.com/warp/public/707/cisco-code- red-worm-pub.shtml.

[8]   D. C. Plummer, “Ethernet Address Resolution Protocol,” IETF Network Working Group, RFC-826, November 1982.

[9]   S. Kumar, “Impact of a Distributed Denial of Service (DDoS) Attack Due to ARP Storm,” International Conference on Networking, to be published in Lecture Notes in Computer Science (LNCS), April 2005.

[10]   ARPwatch: http://en.wikipedia.org/wiki/Arpwatch.

 
 
Top