ARP Poisoning Detection and Prevention Mechanism using Voting and ICMP packets

Abstract

To tap into the communication; modify traffic; and stop the network traffic is always the intension of an attacker. ARP poi- soning is one of the simplest ways to accomplish these malicious intensions of the attacker. Objective: For detection and prevention of such attempt; a concept of voting and ICMP echo requests has been introduced to verify the binding and defend these malicious intensions of the attacker. Methods: A voting is done to validate the binding from the other hosts of the LAN such that if attacker pretends to be a new host; it can easily be detected. In case of mismatch of IP or MAC; ICMP echo packets have been used. Findings: The validation performed by each host has made the scheme free from being centralized and even do not demand any incompatibility or modification in the existing protocol model. Implementation is conducted on Ubuntu using raw socket coding in python and scapy. ICMP packets are created and spoofing is conducted. Fake ARP packet is sent using packEth and the incoming and outgoing of packets between the hosts is analyzed using Wireshark. Improvements/ Application: New host entering the network is also validated in this scheme. The scheme can effectively mitigate LAN attacks