ARP Modification for Prevention of IP Spoofing

• Published in: Journal of Information and Communication Convergence Engineering, 12(3) Vol. 12; no. 3; pp. 154 - 160
• Main Authors: Kang, Jung-Ha, Lee, Yang Sun, Kim, Jae Young, Kim, Eun-Gi
• Format: Journal Article
• Language: English
• Published: 한국정보통신학회 30.09.2014
• Subjects: 전자/정보통신공학
• ISSN: 2234-8255; 2234-8883
• DOI: 10.6109/jicce.2014.12.3.154

The address resolution protocol (ARP) provides dynamic mapping between two different forms of addresses: the 32-bit Internet protocol (IP) address of the network layer and the 48-bit medium access control (MAC) address of the data link layer. A host computer finds the MAC address of the default gateway or the other hosts on the same subnet by using ARP and can then send IP packets. However, ARP can be used for network attacks, which are one of the most prevalent types of network attacks today. In this study, a new ARP algorithm that can prevent IP spoofing attacks is proposed. The proposed ARP algorithm is a broadcast ARP reply and an ARP notification. The broadcast ARP reply was used for checking whether the ARP information was forged. The broadcast ARP notification was used for preventing a normal host’s ARP table from being poisoned. The proposed algorithm is backward compatible with the current ARP protocol and dynamically prevents any ARP spoofing attacks. In this study, the proposed ARP algorithm was implemented on the Linux operating system; here, we present the test results with respect to the prevention of ARP spoofing attacks. KCI Citation Count: 1