A SECURE ARCHITECTURE FOR DEFENDING ARP SPOOFING ATTACKS USING A SWITCH BASED METHODOLOGY

Document Type : Original Article

Author

Computer Systems Department, Faculty of Computers and Information, Ain Shames University Cairo, Egypt

Abstract

In local networks, security weaknesses in the data link layer enable internal attacks. Although
switches and routers have some built in security features, they are not enough to fully ensure the
security of local networks. Moreover, these features require network administrators' involvement and
are prone to miss-configuration. In addition, data link layer protocols used in local area networks
(LANs) are not designed with built-in security features. The most dangerous attacks on layer 2 are ARP
spoofing and MAC flooding attacks. Several schemes to mitigate, detect and prevent these attacks have
been proposed, but each has its limitations. This paper proposes a detection and prevention system for
ARP spoofing attacks. The system consists of two back to back servers. An application on the servers
allows authentication of users to a centralized server. The server, in turn, retrieves logged users to the
switch. Hence filtering of untrusted users is performed by telneting the main switch. The Performance
study has shown the efficiency and superiority of the proposed system, as compared to the previous
work. Several performance metrics have been measured to show its fast response to detection and
prevention of the ARP spoofing attacks. The system has been compared to one of the famous
commercial tools. The comparison has shown the superiority of our system, since the system detection
time is 20 time faster than that of the commercial tool.