ARP cache poisoning mitigation and forensics investigation

Mangut, Heman Awang; Al-Nemrat, A.; Benzaid, Chafika; Tawil, Abdel-Rahman H.; Mangut, Heman Awang; Al-Nemrat, A.; Benzaid, Chafika; Tawil, Abdel-Rahman H.

Repository landing page

oai:repository.uel.ac.uk:853qz

ARP cache poisoning mitigation and forensics investigation

Authors: Heman Awang Mangut
A. Al-Nemrat
Chafika Benzaid
Abdel-Rahman H. Tawil
Heman Awang Mangut
A. Al-Nemrat
Chafika Benzaid
Abdel-Rahman H. Tawil
Publication date: 1 January 2015
Publisher: IEEE
Doi

Abstract

Address Resolution Protocol (ARP) cache spoofing or poisoning is an OSI layer 2 attack that exploits the statelessness vulnerability of the protocol to make network hosts susceptible to issues such as Man in the Middle attack, host impersonation, Denial of Service (DoS) and session hijacking. In this paper, a quantitative research approach is used to propose forensic tools for capturing evidences and mitigating ARP cache poisoning. The baseline approach is adopted to validate the proposed tools. The evidences captured before attack are compared against evidences captured when the network is under attack in order to ascertain the validity of the proposed tools in capturing ARP cache spoofing evidences. To mitigate the ARP poisoning attack, the security features DHCP Snooping and Dynamic ARP Inspection (DAI) are enabled and configured on a Cisco switch. The experimentation results showed the effectiveness of the proposed mitigation technique

Similar works

Full text

Open in the Core reader

Download PDF

UEL Research Repository at University of East London

oai:repository.uel.ac.uk:853qz

Last time updated on 10/07/2019

This paper was published in UEL Research Repository at University of East London.

Having an issue?

Is data on this page outdated, violates copyrights or anything else? Report the problem now and we will take corresponding actions after reviewing your request.