| ARP is the address resolution protocol。ARP is the low-level protocol in TCP/IP protocol stack,and it may resolve IP address into MAC address in local area networks.Because the design of ARP is based on the trust among the network equipments, so the update of ARP cache lacks effective authentication mechanism, which leds to a variety of forms of ARP spoof attacks. ARP virus attacks were produced by fake IP-MAC address, if hackers take advantage of this defect which caused by ARP itself to attack other cumputer systems,it will leads to serious consequences.At present, in order to solve the threat of ARP spoof in local area networks,many experts and scholars on this issue made a lot of meaningful exploration. Although these developed methods can provide users with some kind of security, but there are still some limitations more or less.In this paper, by the experiment of ARP spoof in the local area network (LAN),it is concluded that the nature of the ARP spoof: as long as the attacked host receives the faked ARP Reply packet can produce ARP spoof. So this paper based on this, combined with the function of network packet capture of WinPcap, designs and realizes a kind of ARP spoof detection and defense system. In order to determine whether there was a ARP spoof behaviour in the local area network (LAN),the system continuously captures the ARP Reply packets,and then identifies the authenticity of a ARP Reply packet’s IP-MAC address. If the system detects the ARP spoof behavior, in order to correct the victim host’s error IPMAC address of ARP cache, it sends the correct ARP Reply packet to the victim’s computer, to achieve the purpose of defense ARP spoof. Finally, test the defense capability of the system in the local area network (LAN),the experimental results show that , in the packet delay is more than 50 ms and discontinuous send fake ARP Reply packets cases, the system will be able to get the expected defense and recovery effect. |
PDF Full Text Request