Abstract: Address Resolution Protocol (ARP) Poisoning attack is considered as one of the most devastating attacks in a network context. As a result of its stateless nature and lack of authentication, this protocol suffers from many spoofing attacks in which attackers poison the cache of hosts on the network. By sending spoofed ARP requests and replies. This paper proposes an approach for detecting and mitigating ARP poisoning. This approach includes three modules: Module 1 for giving permission for first time and to store information in the database. There a security measure using MD5 hash is used. Module 2 is for avoiding internal ARP. Module 3 is for detecting whether a MAC has two IPs or an IP has two MACs. The architecture includes a database that gives a great facility and support for storing ARP table information. As ARP table entries generally expire after a short amount of time. To ensure changes in the network are accounted for. Experiments were conducted on real life network environment using Ettercap to check the functionality of the proposed mechanism. The results of experiments show that the proposed approach was able to detect and mitigate ARP poisoning. Especially, whether a MAC has two IPs or an IP has two MACs.

Ahmed A. Galal, Atef Z. Ghalwash and Mona Nasr, “A New Approach for Detecting and Mitigating Address Resolution Protocol (ARP) Poisoning” International Journal of Advanced Computer Science and Applications(IJACSA), 13(6), 2022. http://dx.doi.org/10.14569/IJACSA.2022.0130647

@article{Galal2022,
title = {A New Approach for Detecting and Mitigating Address Resolution Protocol (ARP) Poisoning},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2022.0130647},
url = {http://dx.doi.org/10.14569/IJACSA.2022.0130647},
year = {2022},
publisher = {The Science and Information Organization},
volume = {13},
number = {6},
author = {Ahmed A. Galal and Atef Z. Ghalwash and Mona Nasr}
}