| ARP protocol is used for completing the mapping from IP address to the MACaddress, it is designed by the premise of reliable LAN security, and the update ofcache do not have any authentication measures. The ARP deception attack uses theno connections and no authentication of defects about ARP agreement, it changesthe ARP cache through sending ARP fake packets to the target host, to steal othersaccount and the user personal information, It is an internal attack about the localarea network for the purpose of stopping or restricting others normal networkcommunication. The ARP deception attack is not completely solved since itsappearance, because the problems of the LAN caused by the ARP deceptionoccurance commonly, it has brought serious challenges to the network managementand the network security.This paper studies the characteristics of the ARP agreement, and uses theWinArpAttack software to do the simulation experiment about the ARP deceptionattack in the simulation area network, It summarizes the updating regulation of theARP cache and the ARP agreement vulnerabilities by the experiments. It analysesthe general way about the ARP deception attack and the common defense way, andpoints out the limitation and the shortcomings of the method. It studies the networkpacket capture and related applications of WinPcap. On the basis of the above work,it designs and realizes the way of real-time detection and recovery based on theWinPcap ARP deception.From the ARP data packets, through capturing thenetwork ARP packets and to test the hypotheses, according to the test results thismethod can real-time find the ARP deception attack and correct its mistakes of theARP cache record fast through sending the right ARP packets to the cheatedmachine. Finally in the simulation local area network it tests the method, test resultsshow that the proposed method can real-time detect ARP deception packets and canquickly recover the wrong mapping record in the ARP cache of the cheated host. |
PDF Full Text Request