HANDLING ARP BASED SPOOFING ATTACKS

Abstract

he classic Man-in-the-Middle(ARP Spoofing) attack relies upon convincing two hosts that the computer in the middle is the other host. This can be accomplished with a domain name spoof if the system is using DNS to identify the other host or address resolution protocol (ARP) spoofing on the LAN. This thesis is designed to introduce and explain ARP spoofing and DNS spoofing and their prevention measures. Throughout the Internet, IP is used for communications. Once an IP packet comes into a Local Area Network (LAN) it must be converted into a packet that the LAN can understand. An IP packet is encapsulated into an Ethernet frame for local handling. Ethernet is the most common type of network and other types of networks handle communications differently. Ethernet does not communicate via IP addresses, but uses the hardware address instead. Ethernet uses the Address Resolution Protocol (ARP) to resolve IP addresses into hardware addresses. This hardware address is also called the Media Access Controllers (MAC) addresses. Once the destination’s MAC address is determined, the encapsulated IP packet can be transmitted to the host. Every network device must have an unique MAC address for the Ethernet LAN to function correctly. All Ethernet hosts and switches keep a list of MAC and IP address in a table and will request this information from the network when a new IP address is requested or a table entry expires. The TCP/IP protocol based host trusts on its IP/MAC table.ARP spoofing attacks involve tricking a system into modifying its MAC table and sending the data to the attacker instead. The purpose of this thesis is to look at several ways and methods for modifying ARP cache information and how to defend the network against ARP spoofing attacks.