| With the rapid development of Internet technology, people pay more attention to the security of internet transmission when they enjoy the conveniences brought by the technology. The security of the network protocol is necessary to Internet system, so it has been widely studied by more and more people. The development of Internet technology is due to the own characteristics of TCP/IP, such as opening and efficiency. However, without consideration about the network security, TCP/IP technology also leads to more security risks. ARP(Address resolution Protocal) is an important part of TCP/IP, and it may resolve IP address into MAC address in Local Area Networks, whereas the design is based on the trust among the network equipments. According to the loophole in design, many Trojan horses and viruses carry out ARP spoofing attacks to Local Area Networks, which bring about serious threat to the network security. Many scholars have studied in this area and made some significant achievements. Even though some strategies have been relatively mature in actual application projects, there are still certain limitations in defensive capability.In this paper, ARP spoofing theory and the existing defense methods are discussed. In order to defend against ARP spoofing attacks and improve network security, we studies on the defense methods for ARP spoofing from theoretical basis, experimental verification, system implementation and so on. The main work is as follows:Firstly, the related theory of ARP, such as OSI/RM, TCP/IP, Ethernet, IP address and MAC address, are introduced. Then this paper focuses on the operating mechanism of ARP, including ARP cache, ARP frame structure and packet structure, the process of ARP request and reply, Deputy ARP and Free ARP. Secondly, the principle of ARP attacks and the classification of ARP spoofing are analized, and we compare ARP spoofing with traditional attacking methods. In order to obtain the characteristics of ARP protocol in Windows OS, the application ARPTable is developed to browse ARP cache instead of ARP commands. Based on a lot of experimental results, the least number of correct content keywords has been obtained, which can lead to ARP spoofing in Windows XP sp2. As well, the four characteristics of ARP in Windows OS are summarized, so we can conclude that Windows OS has no test on the reliability of the cache content before updating ARP cache while it receives ARP Request and Reply packet. Thirdly, according to the above flaw, a client-server model defending against ARP spoofing is proposed, which suits those LANs with low-end switches and can improve their security. Finally, a defense system is designed. It could be used in medium-scale or small-scale LAN, such as computer rooms, enterprises and Internet cafes, which require an environment of higher network security. |
PDF Full Text Request