ARP Poisoning Detection and Prevention using Scapy

• Published in: Journal of physics. Conference series Vol. 1911; no. 1; pp. 12022 - 12031
• Main Authors: Majumdar, Aayush, Raj, Shruti, Subbulakshmi, T.
• Format: Journal Article
• Language: English
• Published: Bristol IOP Publishing 01.05.2021
• Subjects: Algorithms; IP (Internet Protocol); Libraries; Local area networks; Physics; Poisoning; Programming languages; Spoofing
• ISSN: 1742-6588; 1742-6596; 1742-6596
• DOI: 10.1088/1742-6596/1911/1/012022

Address Resolution Protocol is a protocol associated with mapping a given IP address with the associated MAC address. ARP Poisoning or Spoofing attack is an attack which carried out over a Local Area Network. In an ARP Poisoning/Spoofing attack malicious ARP Packets are sent to a default gateway on LAN with intent to change the IP address-MAC address pairings in the ARP cache table. ARP Spoof attack tool has been developed with a script written in Python Programming language using scapy library. A detection algorithm has been proposed for detecting the above generated ARP Poisoning attack (or any ARP Poisoning attack in general) and implemented the same using a python script with scapy library. The detection algorithm is based on analyzing the real MAC Address and response MAC Address of the ARP Packet sniffed for any discrepancies. Lastly, a prevention mechanism is proposed and implemented for ARP Poisoning attacks by implementing static entries in ARP table.