Two methods for active detection and prevention of sophisticated ARP-poisoning Man-in-the-Middle attacks on switched Ethernet LANs

Kenan Kalajdzic, Ahmed Patel, Mona Taghavi

    Research output: Contribution to journalArticle

    2 Citations (Scopus)

    Abstract

    This paper describes two novel methods for active detection and prevention of ARP-poisoning-based Man-in-the-Middle (MitM) attacks on switched Ethernet LANs. As a stateless and inherently insecure protocol, ARP has been used as a relatively simple means to launch Denial-of-Service (DoS) and MitM attacks on local networks and multiple solutions have been proposed to detect and prevent these types of attacks. MitM attacks are particularly dangerous, because they allow an attacker to monitor network traffc and break the integrity of data being sent over the network. The authors introduce backwards compatible techniques to prevent ARP poisoning and deal with sophisticated stealth MitM programs.

    Original languageEnglish
    Pages (from-to)50-60
    Number of pages11
    JournalInternational Journal of Digital Crime and Forensics
    Volume3
    Issue number3
    DOIs
    Publication statusPublished - Jul 2011

    Fingerprint

    Ethernet
    Local area networks
    Network protocols

    Keywords

    • ARP poisoning
    • Digital forensics
    • Intrusion detection & prevention
    • Man-in-the-Middle attacks
    • Protocols
    • Security

    ASJC Scopus subject areas

    • Software

    Cite this

    Two methods for active detection and prevention of sophisticated ARP-poisoning Man-in-the-Middle attacks on switched Ethernet LANs. / Kalajdzic, Kenan; Patel, Ahmed; Taghavi, Mona.

    In: International Journal of Digital Crime and Forensics, Vol. 3, No. 3, 07.2011, p. 50-60.

    Research output: Contribution to journalArticle

    @article{9aa9970901244dbc9e69cfd56de42d88,
    title = "Two methods for active detection and prevention of sophisticated ARP-poisoning Man-in-the-Middle attacks on switched Ethernet LANs",
    abstract = "This paper describes two novel methods for active detection and prevention of ARP-poisoning-based Man-in-the-Middle (MitM) attacks on switched Ethernet LANs. As a stateless and inherently insecure protocol, ARP has been used as a relatively simple means to launch Denial-of-Service (DoS) and MitM attacks on local networks and multiple solutions have been proposed to detect and prevent these types of attacks. MitM attacks are particularly dangerous, because they allow an attacker to monitor network traffc and break the integrity of data being sent over the network. The authors introduce backwards compatible techniques to prevent ARP poisoning and deal with sophisticated stealth MitM programs.",
    keywords = "ARP poisoning, Digital forensics, Intrusion detection & prevention, Man-in-the-Middle attacks, Protocols, Security",
    author = "Kenan Kalajdzic and Ahmed Patel and Mona Taghavi",
    year = "2011",
    month = "7",
    doi = "10.4018/jdcf.2011070104",
    language = "English",
    volume = "3",
    pages = "50--60",
    journal = "International Journal of Digital Crime and Forensics",
    issn = "1941-6210",
    publisher = "IGI Global Publishing",
    number = "3",

    }

    TY - JOUR

    T1 - Two methods for active detection and prevention of sophisticated ARP-poisoning Man-in-the-Middle attacks on switched Ethernet LANs

    AU - Kalajdzic, Kenan

    AU - Patel, Ahmed

    AU - Taghavi, Mona

    PY - 2011/7

    Y1 - 2011/7

    N2 - This paper describes two novel methods for active detection and prevention of ARP-poisoning-based Man-in-the-Middle (MitM) attacks on switched Ethernet LANs. As a stateless and inherently insecure protocol, ARP has been used as a relatively simple means to launch Denial-of-Service (DoS) and MitM attacks on local networks and multiple solutions have been proposed to detect and prevent these types of attacks. MitM attacks are particularly dangerous, because they allow an attacker to monitor network traffc and break the integrity of data being sent over the network. The authors introduce backwards compatible techniques to prevent ARP poisoning and deal with sophisticated stealth MitM programs.

    AB - This paper describes two novel methods for active detection and prevention of ARP-poisoning-based Man-in-the-Middle (MitM) attacks on switched Ethernet LANs. As a stateless and inherently insecure protocol, ARP has been used as a relatively simple means to launch Denial-of-Service (DoS) and MitM attacks on local networks and multiple solutions have been proposed to detect and prevent these types of attacks. MitM attacks are particularly dangerous, because they allow an attacker to monitor network traffc and break the integrity of data being sent over the network. The authors introduce backwards compatible techniques to prevent ARP poisoning and deal with sophisticated stealth MitM programs.

    KW - ARP poisoning

    KW - Digital forensics

    KW - Intrusion detection & prevention

    KW - Man-in-the-Middle attacks

    KW - Protocols

    KW - Security

    UR - http://www.scopus.com/inward/record.url?scp=80053046009&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=80053046009&partnerID=8YFLogxK

    U2 - 10.4018/jdcf.2011070104

    DO - 10.4018/jdcf.2011070104

    M3 - Article

    VL - 3

    SP - 50

    EP - 60

    JO - International Journal of Digital Crime and Forensics

    JF - International Journal of Digital Crime and Forensics

    SN - 1941-6210

    IS - 3

    ER -