A Middleware Approach to Asynchronous and Backward Compatible Detection and Prevention of ARP Cache Poisoning

Phoenix, Arizona December 06-December 10

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/CSAC.1999.816040

15th Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Mahesh V. Tripunitara Articles by Partha Dutta

	ASCII Text	x
	Mahesh V. Tripunitara, Partha Dutta, "A Middleware Approach to Asynchronous and Backward Compatible Detection and Prevention of ARP Cache Poisoning," Computer Security Applications Conference, Annual, pp. 303, 15th Annual Computer Security Applications Conference (ACSAC '99), 1999.

	BibTex	x
	@article{ 10.1109/CSAC.1999.816040, author = {Mahesh V. Tripunitara and Partha Dutta}, title = {A Middleware Approach to Asynchronous and Backward Compatible Detection and Prevention of ARP Cache Poisoning}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {1999}, issn = {1063-9527}, pages = {303}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.1999.816040}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - A Middleware Approach to Asynchronous and Backward Compatible Detection and Prevention of ARP Cache Poisoning SN - 1063-9527 SP EP A1 - Mahesh V. Tripunitara, A1 - Partha Dutta, PY - 1999 VL - 0 JA - Computer Security Applications Conference, Annual ER -

Mahesh V. Tripunitara, Purdue University

Partha Dutta, AT&T Labs

This paper discusses the Address Resolution Protocol (ARP) and the problem of ARP cache poisoning. ARP cache poisoning is the malicious act, by a host in a LAN, of introducing a spurious IP address to MAC (Ethernet) address mapping in another host's ARP cache. We discuss design constraints for a solution: the solution needs to be implemented in middleware, without access or change to any operating system source code, be backward-compatible to the existing protocol, and be asynchronous. We present our solution and implementation aspects of it in a Streams based networking subsystem. Our solution comprises two parts: a "bump in the stack" Streams module, and a separate Stream with a driver and user-level application. We also present the algorithm that is executed in the module and application to prevent ARP cache poisoning where possible, and detect and raise alarms otherwise. We then discuss some limitations with our approach and present some preliminary performance numbers for our implementation.

Citation:

Mahesh V. Tripunitara, Partha Dutta, "A Middleware Approach to Asynchronous and Backward Compatible Detection and Prevention of ARP Cache Poisoning," acsac, pp.303, 15th Annual Computer Security Applications Conference (ACSAC '99), 1999

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.