Journal of information and communication convergence engineering

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

ARP Modification for Prevention of IP Spoofing

  • Kang, Jung-Ha (Department of Information and Communication Engineering, Hanbat National University) ;
  • Lee, Yang Sun (Division of Computer Engineering, Mokwon University) ;
  • Kim, Jae Young (IT Convergence Technology Research Lab., Electronics and Telecommunications Research Institute) ;
  • Kim, Eun-Gi (Department of Information and Communication Engineering, Hanbat National University)
  • Received : 2014.04.17
  • Accepted : 2014.07.09
  • Published : 2014.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

The address resolution protocol (ARP) provides dynamic mapping between two different forms of addresses: the 32-bit Internet protocol (IP) address of the network layer and the 48-bit medium access control (MAC) address of the data link layer. A host computer finds the MAC address of the default gateway or the other hosts on the same subnet by using ARP and can then send IP packets. However, ARP can be used for network attacks, which are one of the most prevalent types of network attacks today. In this study, a new ARP algorithm that can prevent IP spoofing attacks is proposed. The proposed ARP algorithm is a broadcast ARP reply and an ARP notification. The broadcast ARP reply was used for checking whether the ARP information was forged. The broadcast ARP notification was used for preventing a normal host's ARP table from being poisoned. The proposed algorithm is backward compatible with the current ARP protocol and dynamically prevents any ARP spoofing attacks. In this study, the proposed ARP algorithm was implemented on the Linux operating system; here, we present the test results with respect to the prevention of ARP spoofing attacks.

Keywords

References

  1. D. C. Plummer, "An Ethernet address resolution protocol," RFC 826, 1982.
  2. W. R. Stevens, TCP/IP Illustrated (Volume 1. The Protocols). Reading, MA: Addison-Wesley, 1994.
  3. R. Braden, "Requirements for Internet hosts: communication layers," RFC 1122, 1989.
  4. W. R. Stevens and G. R. Wright, TCP/IP Illustrated (Volume21. The Implementation). Reading, MA: Addison-Wesley, 1994.
  5. Linux source code [Internet], Available: http://www.kernel.org/pub/linux/kernel/v2.6.
  6. S. G. Bhirud and V. Katkar, "Light weight approach for IP-ARP spoofing detection and prevention," in Proceedings of the 2nd Asian Himalayas International Conference on Internet (AH-ICI), Kathmandu, Nepal, pp. 1-5, 2011.
  7. W. Xing, Y. Zhao, and T. Li, "Research on the defense against ARP spoofing attacks based on WinPcaP," in Proceedings of the 2nd International Workshop on Education Technology and Computer Science (ETCS), Wuhan, China, pp. 762-765, 2010.
  8. K. Wehrle, F. Pahlke, H. Ritter, D. Muller, and M. Bechler, The Linux Networking Architecture: Design and Implementation of Network Protocols in the Linux Kernel. Upper Saddle River, NJ: Pearson Prentice Hall, 2004.
  9. J. Corbet, Linux Device Drivers, 3rd ed. Beijing: O'Reilly, 2005.
  10. A. Bremler-Barr and H. Levy, "Spoofing prevention method," in Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies, Miami, FL, pp. 536-547, 2005.
  11. K. Yaghmour, Building Embedded Linux Systems, 2nd ed. Sebastopol, CA: O'Reilly, 2008.