| As the technology of communication and computer science being used in various industries, the internet technology is coming into people's work and life. Sharing and application of network information are increasingly widespread nowadays, so people pay more and more attention to the network security issues. The problems such as Trojans, viruses, unauthorized access, illegal scanning, denial of service attacks and all kings of deceptions have seriously threatened or even damaged the interests of certain authorized users, and disrupted the normal network environment.In this paper, ARP (Address Resolution Protocol) deception and its solution in the local area network (LAN) are studied. There are two modules to be researched: the deception module and the monitoring module.In the deception module, false ARP packets are packed and broadcasted in LAN, and the hosts in communication update their ARP cache tables with the false IP-MAC mapping information in the ARP packets, then the hosts get the wrong IP-MAC mapping from their ARP cache tables which results the communication interruption. The monitoring module includes two major parts. The first part is the database, which is established by the network administrator, and it contains the original IP-MAC information of all the hosts in LAN. The second part is the front-end monitoring software, which provides three main functions: The first is checking the local network parameters, the second is monitoring every group of IP-MAC information in the ARP cache table and determining the type and accuracy, the third is IP-MAC static binding.These two modules are both developed in Visual C++6.0 and the WinPcap (Windows Packet Capture) driver is used. Access is used to establish mapping table in the monitoring module. In LAN of the laboratory, the deception module successfully sends counterfeit packets and changes the cache tables of the hosts which are in communication, and then interrupts the communication. The monitoring module not only inspects the local cache table and modifies it from abnormal variation, but also prevents other deceptive information by static binding, so it can effectively prevent the communication in LAN from the impact of ARP deception.The research results have been applied in the scientific research project for the Ministry of Communications, and Navigation Research Institute in Dalian Maritime University is in charge of the project—Study on Information Sharing Technologies of VTS, AIS and the Network Monitoring System, the major purpose of this project is to solve the critical technologies of information sharing in the marine safety information. |
PDF Full Text Request