| ARP (Address Resolution Protocol) is a foundation protocol ofcomputer network and has the responsible for resolving IP addresses intohardware, addresses of network interface. It was run on credible LAN early.But now, LAN is no longer a trusted network. Thus, there are some unsafefactors appear in ARP operation. At present, there are many examples aboutthe paralysis of individual host, enterprise network and campus network,causing by ARP attack. There have been several defense ways, proposed tosolve this problem. However, all of the previous have some criticaldrawbacks such as can’t find ARP attack immediately and can’t locate theattack source accurately and so on. Hence, in this paper, we have proposed aswitch-based ARP attack defense method in the LAN, which can overcomethese drawbacks. This way can detect the ARP attack in time, find out theattack source accurately and deal with the attack source. Further more, itcan not effect the communication among the normal hosts.This method defends against ARP attack from two ways. One way isdefense ARP flooding attack. ARP flooding attack will engender a lot offalse source MAC (Media Access Control) addresses. Based on this feature,we can use Configure Switch Port Security Policy to prevent ARP floodingattack. The other way is ARP spoofing attack. ARP spoofing attack will fakeas a gateway or a network host. So, some monitoring points have beendeployed in the LAN. Their tasks are to detect the false ARP packet. Then,we will find out the ARP attack source, according to the false MAC addressin the false ARP packet. Finally, we will deal with the ARP attack source.Through this method, a prototyped system has been implemented andexperimented on in this paper. The experimental results have demonstratedit has better performance than the previous ones. |
PDF Full Text Request