ArpON

ArpON – ARP handler inspection
Original author(s): Andrea Di Pasquale
Initial release: July 8, 2008 (2008-07-08)
Stable release: 3.0-ng / January 29, 2016 (2016-01-29)
Written in: C
Operating system: Linux
Platform: Unix-like, POSIX
Available in: English
Type: Network security, Computer security
License: BSD license
Website: arpon.sourceforge.io

ArpON (ARP handler inspection) [1] is a computer software project to improve network security. [2] It has attracted interest among network managers [3] [4] [5] [6] [7] and academic researchers [8] [9] [10] [11] [12] [13] and is frequently cited as a means of protecting against ARP-based attacks. [14] [15] [16]


Motivation

The Address Resolution Protocol (ARP) has many security issues. These include the Man In The Middle (MITM) attack carried out through ARP spoofing, [17] ARP cache poisoning, [18] [19] [20] denial of service [21] and ARP poison routing attacks. [22] [23] [24]

Solution

ArpON is a host-based solution that makes the standardized ARP protocol secure in order to prevent the Man In The Middle (MITM) attack carried out through ARP spoofing, ARP cache poisoning or ARP poison routing.

This is possible using three kinds of anti ARP spoofing techniques:

The goal of ArpON is therefore to provide a secure and efficient network daemon that implements the SARPI, DARPI and HARPI anti ARP spoofing techniques, thus making the standardized ARP protocol secure from any foreign intrusion.
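Host-based ARP reply inspection of the general kind the Motivation and Solution sections describe, as an added Python example that is not ArpON's code and does not claim to reproduce SARPI, DARPI or HARPI: it decodes the RFC 826 ARP payload, accepts a reply only when this host has an outstanding request for that IP and the answer agrees with any binding already learned, and flags unsolicited or conflicting replies, the two signatures of the cache poisoning named above. The packet builder and all MAC/IP values are constructed for the demonstration.

```python
import struct
from collections import namedtuple
# ARP payload layout from RFC 826 for the Ethernet/IPv4 case: hardware type,
# protocol type, address lengths, opcode, then sender and target MAC/IP pairs.
ARP_FMT = "!HHBBH6s4s6s4s"   # 28 bytes
ARP_REPLY = 2
ArpPacket = namedtuple("ArpPacket", "op sender_mac sender_ip target_mac target_ip")
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)

def parse_arp(payload: bytes) -> ArpPacket:
    """Decode a raw Ethernet/IPv4 ARP payload; reject anything else."""
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return ArpPacket(op, mac_str(smac), ip_str(sip), mac_str(tmac), ip_str(tip))

class ArpInspector:
    """Host-side ARP reply inspection (a constructed heuristic for illustration, not
    ArpON's algorithm): accept a reply only if this host has an outstanding request
    for that IP and the reply does not contradict a binding already learned."""
    def __init__(self):
        self.cache = {}        # ip -> mac bindings this host currently trusts
        self.pending = set()   # ips this host has asked about and not yet resolved
        self.alerts = []

    def sent_request(self, ip: str):
        self.pending.add(ip)

    def inbound(self, payload: bytes) -> bool:
        """Return True if the packet may update the ARP cache, False if it is dropped."""
        pkt = parse_arp(payload)
        if pkt.op != ARP_REPLY:
            return True        # requests never write to the cache in this model
        if pkt.sender_ip not in self.pending:
            self.alerts.append(f"unsolicited reply: {pkt.sender_ip} is at {pkt.sender_mac}")
            return False
        known = self.cache.get(pkt.sender_ip)
        if known is not None and known != pkt.sender_mac:
            self.alerts.append(f"binding conflict for {pkt.sender_ip}: {known} vs {pkt.sender_mac}")
            return False
        self.cache[pkt.sender_ip] = pkt.sender_mac
        self.pending.discard(pkt.sender_ip)
        return True

def build_reply(smac, sip, tmac, tip) -> bytes:
    """Constructed sample ARP reply (no real hosts), used only to exercise the inspector."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY, mac(smac), ip(sip), mac(tmac), ip(tip))
```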


References

  1. "ArpON(8) manual page".
  2. "ArpON – Google Books".
  3. Kaspersky Lab. "Storage Cloud Infrastructures – Detection and Mitigation of MITM Attacks" (PDF). Archived from the original (PDF) on 2015-12-24. Retrieved 2015-05-28.
  4. Prowell, Stacy; et al. (2010-06-02). Seven Deadliest Network Attacks. Elsevier. p. 135. ISBN 9781597495509.
  5. Gary Bahadur, Jason Inasi; et al. (2011-10-10). Securing the Clicks: Network Security in the Age of Social Media. McGraw Hill Professional. p. 96. ISBN 9780071769051.
  6. Wason, Rohan (2014-06-26). A Professional Guide to Ethical Hacking: All about Hacking.
  7. Prowse, David L. (2014-09-05). CompTIA Security+ SY0-401 Cert Guide, Academic Edition. Pearson IT Certification. ISBN 9780133925869.
  8. Stanford University. "An Introduction to Computer Networks" (PDF).
  9. Martin Zaefferer, Yavuz Selim Inanir; et al. "Intrusion Detection: Case Study" (PDF).
  10. Jaroslaw Paduch, Jamie Levy; et al. "Using a Secure Permutational Covert Channel to Detect Local and Wide Area Interposition Attacks" (PDF). Archived from the original (PDF) on 2015-04-02. Retrieved 2015-03-31.
  11. Xiaohong Yuan, David Matthews; et al. "Laboratory Exercises for Wireless Network Attacks and Defenses" (PDF).
  12. Hofbauer, Stefan. "A privacy conserving approach for the development of SIP security services to prevent certain types of MITM and toll fraud attacks in VoIP systems" (PDF).
  13. D. M. de Castro, E. Lin; et al. "Typhoid Adware" (PDF).
  14. Jing (Dave) Tian, Kevin R. B. Butler; et al. "Securing ARP From the Ground Up" (PDF). Archived from the original (PDF) on 2015-04-02. Retrieved 2015-03-31.
  15. Palm, Patrik. "ARP Spoofing" (PDF).
  16. T. Mirzoev, J. S. White (2014). "The role of client isolation in protecting Wi-Fi users from ARP Spoofing attacks". i-manager's Journal on Information Technology. 1 (2). arXiv:1404.2172. Bibcode:2014arXiv1404.2172M.
  17. Trabelsi, Zouheir; El-Hajj, Wassim (2009-09-25). "ARP spoofing: A comparative study for education purposes". 2009 Information Security Curriculum Development Conference. InfoSecCD '09. New York, NY, USA: Association for Computing Machinery. pp. 60–66. doi:10.1145/1940976.1940989. ISBN 978-1-60558-661-8. S2CID 10341159.
  18. Goyal, Vipul; Tripathy, Rohit (2005). "An Efficient Solution to the ARP Cache Poisoning Problem". In Boyd, Colin; González Nieto, Juan Manuel (eds.). Information Security and Privacy. Lecture Notes in Computer Science. Vol. 3574. Berlin, Heidelberg: Springer. pp. 40–51. doi:10.1007/11506157_4. ISBN 978-3-540-31684-8.
  19. Shah, Zawar; Cosgrove, Steve (2019). "Mitigating ARP Cache Poisoning Attack in Software-Defined Networking (SDN): A Survey". Electronics. 8 (10): 1095. doi:10.3390/electronics8101095. ISSN 2079-9292.
  20. Meghana, Jitta Sai; Subashri, T.; Vimal, K. R. (2017). "A survey on ARP cache poisoning and techniques for detection and mitigation". 2017 Fourth International Conference on Signal Processing, Communication and Networking (ICSCN). pp. 1–6. doi:10.1109/ICSCN.2017.8085417. ISBN 978-1-5090-4740-6. S2CID 23515882.
  21. Alharbi, Talal; Durando, Dario; Pakzad, Farzaneh; Portmann, Marius (2016). "Securing ARP in Software Defined Networks". 2016 IEEE 41st Conference on Local Computer Networks (LCN). pp. 523–526. doi:10.1109/LCN.2016.83. ISBN 978-1-5090-2054-6. S2CID 15480749.
  22. Nachreiner, Corey. "Anatomy of an ARP Poisoning Attack" (PDF). Retrieved 2023-08-24.
  23. Nam, Seung Yeob; Kim, Dongwon; Kim, Jeongeun (2010). "Enhanced ARP: preventing ARP poisoning-based man-in-the-middle attacks". IEEE Communications Letters. 14 (2): 187–189. doi:10.1109/LCOMM.2010.02.092108. ISSN 1558-2558. S2CID 8353460.
  24. Bicakci, Kemal; Tavli, Bulent (2009-09-01). "Denial-of-Service attacks and countermeasures in IEEE 802.11 wireless networks". Computer Standards & Interfaces. Specification, Standards and Information Management for Distributed Systems. 31 (5): 931–941. doi:10.1016/j.csi.2008.09.038. ISSN 0920-5489.
  25. Bruschi, Danilo; Di Pasquale, Andrea; Ghilardi, Silvio; Lanzi, Andrea; Pagani, Elena (2022). "A Formal Verification of ArpON – A Tool for Avoiding Man-in-the-Middle Attacks in Ethernet Networks". IEEE Transactions on Dependable and Secure Computing. 19 (6): 4082–4098. doi:10.1109/TDSC.2021.3118448. hdl:2434/903256. ISSN 1941-0018. S2CID 242519128.