A hardware approach for detecting the ARP attack

Abstract

This paper describes Address Resolution Protocol (ARP) and the ARP cache poisoning (ARP SPOOFING) problem and presents a proposed architecture for detecting the ARP attacks. In addition, it discusses a set of techniques used to detect the ARP poisoning attacks on switched Ethernet networks. A new practical technique by adding external hardware element to the LAN network to work as sniffer is suggested. These external elements are combined in architecture for practical implementation in production network. Results from laboratory and real-world detection experiments using several popular attack tools are also presented. The obtained practical results illustrate that the practical board works successfully for detecting the ARP attack.