A solution for ARP spoofing: Layer-2 MAC and protocol filtering and arpserver

TL;DR

This paper proposes a novel layer-2 security solution using MAC and protocol filtering along with an ARP server to prevent ARP spoofing attacks within local networks, addressing a common internal threat.

Contribution

It introduces a new method combining ACLs and an ARP server to effectively prevent ARP spoofing, which is not well addressed by existing security tools.

Findings

Effective prevention of ARP spoofing attacks demonstrated

Implementation of ACLs and ARPserver reduces internal network vulnerabilities

Enhanced security against MITM attacks within LANs

Abstract

Most attacks are launched inside the companies by the employees of the same company. These kinds of attacks are generally against layer-2, not against layer-3 or IP. These attacks abuse the switch operation at layer-2. One of the attacks of this kind is Address Resolution Protocol (ARP) Spoofing (sometimes it is called ARP poisoning). This attack is classified as the 'man in the middle' (MITM) attack. The usual security systems such as (personal) firewalls or virus protection software can not recognize this type of attack. Taping into the communication between two hosts one can access the confidential data. Malicious software to run internal attacks on a network is freely available on the Internet, such as Ettercap. In this paper a solution is proposed and implemented to prevent ARP Spoofing. In this proposal access control lists (ACL) for layer-2 Media Access Control (MAC) address and protocol filtering and an application called ARPserver which will reply all ARP requests are used.