A Flexible ARP Spoof Detection & Prevention System for Organizations

Address Resolution Protocol (ARP) is a crucial mechanism to map between Internet Protocol (IP) and Medium Access Control (MAC) addresses. According tolthe ARP process, an ARP cache is always updated by incoming ARP reply or request packets. So, the ARP cache can be poisoned and vulnerable to ARP spoofing attacks. The attacks can cause several problems, such as Denial of Service (DoS) or confidential information eavesdropping. From the literature, several ARP detection and protection solutions have been proposed. However, all of them have several drawbacks. In particular, all previous solutions do not suit to the organization that has multiple LANs. So, this research has proposed to improve the ARP detection/protection techniques by improving the detection technique, gateway rehabilitation mechanism and ARP spoof detection in a network gateway. We have also prototyped our solution and experimented with it on a network test-bed. Our experimental results have demonstrated the improvement of detection, protection and reporting mechanisms.