| ARP (Address Resolution Protocol) spoofing attacks influence the security and efficiency of LAN, and put the users'benefits at risk. For example, the network is frequently broken, the privacy exposes, and important data is stole and so on. This paper proposes The Static IP-MAC Address Second Check Algorithm for small and medium Ethernet to solve this problem, and applies this algorithm to implement ARP spoofing prevention system.This paper introduces network reference model, IP address and MAC address firstly. In this part, we describe the operational principle and common ways of ARP spoofing based on the analysis of ARP protocol's operational principle and flaws. And then introduces the structure and use of Passthru driver in NDIS(Network Driver Interface Specification) technology as well as the shared memory technology.Secondly, we propose The Static IP-MAC Address Second Check Algorithm according to the actual needs of small and medium LANs. With this algorithm we mainly detect the ARP data frames of Ethernet data.It includes the detection of the head and the detection of the source/destination address's validity of the ARP data frame.Finally,using NDIS intermediate layer driver technology we secondly develop the Passthru which is brought by DDK(Driver Development Kits) according to the algorithm, and then implement a defensive system which real-time detect the ARP packets in the second check form. This system use the C/S mode,the client's main function is to intercept the ARP spoofing attack packages, the first check of the data, the transmission of the data and alarm.The main function of the server is to collect the addresses of the hosts, the second check of the data, the sending of feedback information and alarm. And the system is proved to have certain defense capability. |
PDF Full Text Request