Portal de Periódicos da CAPES

ARP Poisoning Detection and Prevention Mechanism using Voting and ICMP packets

2018; Indian Society for Education and Environment; Volume: 11; Issue: 22 Linguagem: Inglês

10.17485/ijst/2018/v11i22/92337

0974-6846

Sweta Singh, Dayashankar Singh,

Internet Traffic Analysis and Secure E-voting

To tap into the communication, modify traffic, and stop the network traffic is always the intension of an attacker. ARP poisoning is one of the simplest ways to accomplish these malicious intensions of the attacker. Objective: For detection and prevention of such attempt, a concept of voting and ICMP echo requests has been introduced to verify the binding and defend these malicious intensions of the attacker. Methods: A voting is done to validate the binding from the other hosts of the LAN such that if attacker pretends to be a new host, it can easily be detected. In case of mismatch of IP or MAC, ICMP echo packets have been used. Findings: The validation performed by each host has made the scheme free from being centralized and even do not demand any incompatibility or modification in the existing protocol model. Implementation is conducted on Ubuntu using raw socket coding in python and scapy. ICMP packets are created and spoofing is conducted. Fake ARP packet is sent using packEth and the incoming and outgoing of packets between the hosts is analyzed using Wireshark. Improvements/ Application: New host entering the network is also validated in this scheme. The scheme can effectively mitigate LAN attacks. Keywords: Address Resolution Protocol (ARP), ARP Poisoning, ICMP (Internet Control Message Protocol), LAN attacks, Voting