Ghazi Al Sukkar¹, Ramzi Saifan², Sufian Khwaldeh³, Mahmoud Maqableh⁴, Iyad Jafar²

Show more
¹ Electrical Engineering Department, The University of Jordan, Amman, Jordan.
² Computer Engineering Department, The University of Jordan, Amman, Jordan.
³ Business Information Technology Department, The University of Jordan, Amman, Jordan.
⁴ Management Information Systems Department, The University of Jordan, Amman, Jordan.
Show less

Abstract: Networks have become an integral part of today’s world. The ease of deployment, low-cost and high data rates have contributed significantly to their popularity. There are many protocols that are tailored to ease the process of establishing these networks. Nevertheless, security-wise precautions were not taken in some of them. In this paper, we expose some of the vulnerability that exists in a commonly and widely used network protocol, the Address Resolution Protocol (ARP) protocol. Effectively, we will implement a user friendly and an easy-to-use tool that exploits the weaknesses of this protocol to deceive a victim’s machine and a router through creating a sort of Man-in-the-Middle (MITM) attack. In MITM, all of the data going out or to the victim machine will pass first through the attacker’s machine. This enables the attacker to inspect victim’s data packets, extract valuable data (like passwords) that belong to the victim and manipulate these data packets. We suggest and implement a defense mechanism and tool that counters this attack, warns the user, and exposes some information about the attacker to isolate him. GNU/Linux is chosen as an operating system to implement both the attack and the defense tools. The results show the success of the defense mechanism in detecting the ARP related attacks in a very simple and efficient way.

Keywords: Address Resolution Protocol, ARP Spoofing, Security Attack and Defense, Man in the Middle Attack

Cite this paper: Al Sukkar, G. , Saifan, R. , Khwaldeh, S. , Maqableh, M. and Jafar, I. (2016) Address Resolution Protocol (ARP): Spoofing Attack and Proposed Defense. Communications and Network, 8, 118-130. doi: 10.4236/cn.2016.83012.

References

[1]   Plummer, D.C. (1982) An Ethernet Address Resolution Protocol. RFC 826.

[2]   Ornaghi, A. and Valleri, M. (2004) A Multipurpose Sniffer for Switched LANs.
http://ettercap.sf.net

[3]   Wagner, R. (2001) Address Resolution Protocol Spoofing and Man in the Middle Attacks. SANS Institute.
https://www.sans.org/reading-room/whitepapers/threats/address-resolution-protocol-spoofing-man-in-the-middle-attacks-474

[4]   Bellovin, S.M. (2004) A Look Back at ‘‘Security Problems in the TCP/IP Protocol Suite’’. Proceedings of the 20th Annual Computer Security Application Conference (ACSAC), Tucson, 6-10 December 2004, 229-249.
http://dx.doi.org/10.1109/CSAC.2004.3

[5]   Bruschi, D., Ornaghi, A. and Rosti, E. (2003) S-ARP: A Secure Address Resolution Protocol. Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, 8-12 December 2003, 66-74.
http://dx.doi.org/10.1109/csac.2003.1254311

[6]   Gouda, M.G. and Huang, C-T. (2003) A Secure Address Resolution Protocol. Computer Networks, 41, 57-71.
http://dx.doi.org/10.1016/S1389-1286(02)00326-2

[7]   Issac, B. (2009) Secure ARP and Secure DHCP Protocols to Mitigate Security Attacks. International Journal of Network Security, 8, 107-118.

[8]   Lootah, W., Enck, W. and McDaniel, P. (2007) TARP: Ticket-Based Address Resolution Protocol. Computer Networks, 51, 4322-4337.
http://dx.doi.org/10.1016/j.comnet.2007.05.007

[9]   Venkatramulu, S. and Guru Rao, C.V. (2013) Various Solutions for Address Resolution Protocol Spoofing Attacks. International Journal of Scientific and Research Publications, 3, 2250-3153.

[10]   Hong, S., Oh, M. and Lee, S. (2013) Design and Implementation of an Efficient Defense Mechanism against ARP Spoofing Attacks Using AES and RSA. Mathematical and Computer Modelling, 58, 254-260.
http://dx.doi.org/10.1016/j.mcm.2012.08.008

[11]   Gouda, M.G. and Huang, C.T. (2003) A Secure Address Resolution Protocol. Computer Networks, 41, 57-71.
http://dx.doi.org/10.1016/S1389-1286(02)00326-2

[12]   Ramachandran, V. and Nandi, S. (2005) Detecting ARP Spoofing: An Active Technique. In: Jajodia, S. and Mazumdar, C., Eds., Information Systems Security, Springer, Berlin, Heidelberg, 239-250.
http://dx.doi.org/10.1007/11593980_18

[13]   Pansa, D. and Chomsiri, T. (2008) Architecture and Protocols for Secure Land by Using a Software-Level Certificate and Cancellation of ARP Protocol. ICCIT’08 3rd International Conference on Convergence and Hybrid Information Technology, 2, 21-26.

[14]   Jinhua, G. and Kejian, X. (2013) ARP Spoofing Detection Algorithm Using ICMP Protocol. International Conference on Computer Communication and Informatics, Coimbatore, 4-6 January 2013, 1-6.
http://dx.doi.org/10.1109/iccci.2013.6466290

[15]   Biondi, P. (2007) Scapy Website. Retrieved on May 2015.
http://www.secdev.org/projects/scapy/