Z. Trabelsi∗ and K. Shuaib∗
Address Resolution Protocol, man-in-the-middle attack, Address Resolution Protocol cache poisoning attack, intrusions detection systems
The Man-in-the-Middle (MiM ) attack is used by attackers to perform sniffing activities in switched LAN networks. The potential damage to a network from sniffing activities can be very significant. This paper proposes a mechanism for detecting malicious hosts performing MiM attack in switched LAN networks. The proposed mechanism consists of sending trap and spoofed packets to the network’s hosts, after which, malicious sniffing hosts can be identified efficiently and accurately by collecting and analyzing the response packets. The effect of the proposed mechanism on the performance of the network is discussed and shown to be minimal. The limits of current security solutions regarding their ability to detect and prevent the MiM attack in switched LAN networks, are also discussed.
Important Links:
Go Back