Detection and prevention of ARP cache poisoning

Acknowledgements It is a great pleasure to have an opportunity to thanks valuable beings for their continuous support and inspiration throughout the thesis work. I would like to extend my gratitude towards Dr. for all the guidance and great knowledge he shared during our course. The abundance of knowledge he has always satisfied our queries at every point. Thanks to Mr. Sumit Miglani, My guide for his contribution for timely reviews and suggestions in completing the thesis. Every time he provided the needed support and guidance. At last but not the least, a heartiest thanks to all my family and friends for being there every time I needed them. Abstract Address Resolution Protocol (ARP) is a protocol having simple architecture and have been in use since the advent of Open System Interconnection (OSI) network architecture. Its been working at network layer for the important dynamic conversion of network address i.e. Internet Protocol (IP) address to physical address or Media Access Control (MAC) address. Earlier it was sufficiently providing its services but in today " s complex and more sophisticated unreliable network, security being one major issue, standard ARP protocol is vulnerable to many different kinds of attacks. These attacks lead to devastating loss of important information. With certain loopholes it has become easy to be attacked and with not so reliable security mechanism, confidentiality of data is being compromised. Therefore, a strong need is felt to harden the security system. Since, LAN is used in maximum organizations to get the different computer connected. So, an attempt has been made to enhance the working of ARP protocol to work in a more secure way. Any kind of attempts to poison the ARP cache (it maintains the corresponding IP and MAC address associations in the LAN network) for redirecting the data to unreliable host, are prevented beforehand. New modified techniques are proposed which could efficiently guard our ARP from attacker and protect critical data from being sniffed both internally and externally. Efficiency of these methods has been shown mathematically without any major impact on the performance of network. Main idea behind how these methods actually work and proceed to achieve its task has been explained with the help of flow chart and pseudo codes. With the help of different tools ARP cache is being monitored regularly and if any malicious activity is encountered, it is intimidated to the administrator immediately. So, in …