Research on the defense against ARP spoofing attacks based on Winpcap

Abstract

Based on the study of the existing methods and the WinPcaP, aimed with the ARP spoofing attacks achieved mainly by disguising the gateway, the thesis presents a method of defending ARP spoofing attacks based on WinPcaP. The method is: Setting filtering rules by filtering mechanisms of the WinPcaP, and the system just captures the ARP packets flowing through the local card, and then sends the packets to the analysis module; In the analysis module, the system parses out the IP address and MAC address from the data packets, and sends them to the checking module; In the checking module, the system first judges whether the last number of the IP address is one, if not, the system gives up treating the packet, otherwise compares the IP/MAC to the right IP/MAC and sends the result to the response module; In the response module, if judging there exists ARP spoofing attacks, the system sends information to the users, modifies the ARP cache table and stores the information to the database server. © 2010 IEEE.