{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,9,12]],"date-time":"2023-09-12T05:07:58Z","timestamp":1694495278105},"reference-count":15,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011,7,1]]},"abstract":"<p>This paper describes two novel methods for active detection and prevention of ARP-poisoning-based Man-in-the-Middle (MitM) attacks on switched Ethernet LANs. As a stateless and inherently insecure protocol, ARP has been used as a relatively simple means to launch Denial-of-Service (DoS) and MitM attacks on local networks and multiple solutions have been proposed to detect and prevent these types of attacks. MitM attacks are particularly dangerous, because they allow an attacker to monitor network traffic and break the integrity of data being sent over the network. The authors introduce backwards compatible techniques to prevent ARP poisoning and deal with sophisticated stealth MitM programs.<\/p>","DOI":"10.4018\/jdcf.2011070104","type":"journal-article","created":{"date-parts":[[2011,10,20]],"date-time":"2011-10-20T14:38:19Z","timestamp":1319121499000},"page":"50-60","source":"Crossref","is-referenced-by-count":5,"title":["Two Methods for Active Detection and Prevention of Sophisticated ARP-Poisoning Man-in-the-Middle Attacks on Switched Ethernet LANs"],"prefix":"10.4018","volume":"3","author":[{"given":"Kenan","family":"Kalajdzic","sequence":"first","affiliation":[{"name":"Center for Computing Education, Bosnia and Herzegovina"}]},{"given":"Ahmed","family":"Patel","sequence":"additional","affiliation":[{"name":"Universiti Kebangsaan Malaysia, Malaysia, and Kingston University, UK"}]},{"given":"Mona","family":"Taghavi","sequence":"additional","affiliation":[{"name":"Universiti Kebangsaan Malaysia, Malaysia"}]}],"member":"2432","reference":[{"key":"jdcf.2011070104-0","doi-asserted-by":"crossref","unstructured":"Abad, C., & Bonilla, R. (2007). An analysis on the schemes for detecting and preventing ARP cache poisoning attacks. In Proceedings of the 27th International Conference on Distributed Computing Systems Workshops, Toronto, ON, Canada (p. 60).","DOI":"10.1109\/ICDCSW.2007.19"},{"key":"jdcf.2011070104-1","doi-asserted-by":"crossref","unstructured":"Bruschi, D., Ornaghi, A., & Rosti, E. (2003). S-ARP: A secure address resolution protocol. In Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, NV (p. 66).","DOI":"10.1109\/CSAC.2003.1254311"},{"key":"jdcf.2011070104-2","unstructured":"Carnut, M., & Gondim, J. (2003). ARP spoofing detection on switched Ethernet networks: A feasibility study. In Proceedings of the 5th Symposium on Security in Informatics."},{"key":"jdcf.2011070104-3","first-page":"1","year":"2009","journal-title":"Configuring dynamic ARP inspection: Catalyst 6500 series switch Cisco IOS software configuration guide, release 12.2(18) SXF and rebuilds and earlier releases"},{"key":"jdcf.2011070104-4","doi-asserted-by":"crossref","unstructured":"Goyal, V., & Tripathy, R. (2005). An efficient solution to the ARP cache poisoning problem. In Proceedings of the 10th Australasian Conference on Information Security and Privacy (pp. 40-51).","DOI":"10.1007\/11506157_4"},{"key":"jdcf.2011070104-5","unstructured":"LBNL Network Research Group. (n. d.). arpwatch: The ethernet monitor program; for keeping track of Ethernet\/IP address pairings. Retrieved from ftp:\/\/ftp.ee.lbl.gov\/arpwatch.tar.gz"},{"key":"jdcf.2011070104-6","unstructured":"Limmaneewichid, P., & Lilakiatsakun, W. (2011). P-ARP: A novel enhanced authentication scheme for securing ARP. In Proceedings of the International Conference on Telecommunication Technology and Applications (pp. 83-87)."},{"key":"jdcf.2011070104-7","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2007.05.007"},{"key":"jdcf.2011070104-8","unstructured":"Montoro, M. (n.d.). Cain & Abel. Retrieved from http:\/\/www.oxid.it\/cain.html"},{"key":"jdcf.2011070104-9","unstructured":"Ornaghi, A., & Valleri, M. (n.d.). Ettercap. Retrieved from http:\/\/ettercap.sourceforge.net\/"},{"key":"jdcf.2011070104-10","doi-asserted-by":"crossref","unstructured":"Ortega, A. P., Marcos, X. E., Chiang, L. D., & Abad, C. L. (2009). Preventing ARP cache poisoning attacks: A proof of concept using OpenWrt. In Proceedings of the Network Operations and Management Symposium, Punta del Este, Uruguay (pp. 1-9).","DOI":"10.1109\/LANOMS.2009.5338799"},{"key":"jdcf.2011070104-11","unstructured":"Plummer, D. (1982). RFC-826: An ethernet address resolution protocol. Retrieved from http:\/\/www.ietf.org\/rfc\/rfc826.txt"},{"key":"jdcf.2011070104-12","unstructured":"Song, D. (n. d.). dsniff. Retrieved from http:\/\/monkey.org\/~dugsong\/dsniff\/"},{"key":"jdcf.2011070104-13","doi-asserted-by":"crossref","unstructured":"Trabelsi, Z., & El-Hajj, W. (2007). Preventing ARP attacks using a fuzzy-based stateful ARP cache. In Proceedings of the IEEE International Conference on Communications (pp. 1355-1360).","DOI":"10.1109\/ICC.2007.228"},{"key":"jdcf.2011070104-14","doi-asserted-by":"crossref","unstructured":"Trabelsi, Z., & Shuaib, K. (2007). NIS04-4: Man in the middle intrusion detection. In Proceedings of the Global Telecommunications Conference (pp. 1-6).","DOI":"10.1109\/GLOCOM.2006.282"}],"container-title":["International Journal of Digital Crime and Forensics"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=58408","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T14:32:39Z","timestamp":1654093959000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jdcf.2011070104"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2011,7,1]]},"references-count":15,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2011,7]]}},"URL":"https:\/\/doi.org\/10.4018\/jdcf.2011070104","relation":{},"ISSN":["1941-6210","1941-6229"],"issn-type":[{"value":"1941-6210","type":"print"},{"value":"1941-6229","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,7,1]]}}}