4/7/2018 ARP SPOOFING Group 1 Duan Chao 301230103 Luo Yi 301220263 Abstract For the first few decades of network existence, computer networks were used by university researchers for sending e-mail and by corporate employees for sharing printers. With the development of society, network technology is also constantly developing, and network applications are gradually popularized. More and more computer users can access a lot of information resources of global network system at home. Internet has become an integral part of today’s world. However, network security also comes to our sight. There are tons of protocols were used to establish these networks. But there are some precautions that we did not consider. In this paper, we do some research and simulation about the Address Resolution Protocol (ARP) and ARP spoofing to demonstrate some precautions in ARP. i Table of Content | ENSC 427 FINAL PROJECT: ARP SPOOFING Contents Abstract ............................................................................................................................................ i List of Figure and Table ................................................................................................................... iv Glossary ............................................................................................................................................ v Introduction .................................................................................................................................... 1 Researched Work ............................................................................................................................ 1 ARP Overview .................................................................................................................................. 3 ARP History .................................................................................................................................. 4 ARP Request ................................................................................................................................ 5 ARP Response .............................................................................................................................. 6 ARP Cache ....................................................................................................................................... 6 ARP Spoofing ................................................................................................................................... 7 Simulation ....................................................................................................................................... 9 Goals ............................................................................................................................................ 9 Environment ................................................................................................................................ 9 Problems ..................................................................................................................................... 9 Ns-3 does not provide interface for sending request: ............................................................ 9 Ns-3 ARP caches keep states of each entry: ......................................................................... 10 Topology .................................................................................................................................... 11 Scenario 1 .............................................................................................................................. 11 Scenario 2 .............................................................................................................................. 12 Results ....................................................................................................................................... 13 Scenario 1 .............................................................................................................................. 13 Scenario 2 .............................................................................................................................. 14 Conclusion ................................................................................................................................. 16 Industry Work ............................................................................................................................... 16 Dynamic ARP Inspection – Cisco ............................................................................................... 16 Future Plan .................................................................................................................................... 18 Monitoring in each node: .......................................................................................................... 19 Monitoring in the LAN: .............................................................................................................. 19 Conclusion ..................................................................................................................................... 19 ii Table of Content | ENSC 427 FINAL PROJECT: ARP SPOOFING References .................................................................................................................................... 20 Appendix ....................................................................................................................................... 21 Project Link ................................................................................................................................ 21 Project Source Code .................................................................................................................. 21 iii Table of Content | ENSC 427 FINAL PROJECT: ARP SPOOFING List of Figure and Table Figure 1 ARP spoofing mitigation flow chart [2] ............................................................................. 2 Figure 2 Algorithm of the Proposed Mechanism [3] ...................................................................... 3 Figure 3 ARP Request ...................................................................................................................... 5 Figure 4 ARP Response.................................................................................................................... 6 Figure 5 ARP Spoofing ..................................................................................................................... 8 Figure 6 ns-3 logo [7] ...................................................................................................................... 9 Figure 7 ARP request & response in ns-3...................................................................................... 10 Figure 8 Scenario1 ......................................................................................................................... 11 Figure 9 Scenario 2 ........................................................................................................................ 12 Figure 10 Simulation results of UDP client in scenario 1 .............................................................. 13 Figure 11 Simulation results of UDP server in scenario 1 ............................................................. 13 Figure 12 Simulation results of attacker in scenario 1 ................................................................ 14 Figure 13 Simulation results of UDP client in scenario 2 ............................................................. 14 Figure 14 Simulation results of UDP server in scenario 2 ............................................................. 14 Figure 15 Simulation results of attacker in scenario 2 ................................................................. 15 Figure 16 Topology of the simulation ........................................................................................... 15 Figure 17 Catalyst 6500 ................................................................................................................. 16 Figure 18 Dynamic ARP Inspection ............................................................................................... 17 Figure 19 DAI Trust State .............................................................................................................. 18 Table 1 ARP cache table of Client#1 ............................................................................................... 6 Table 2 Changed ARP cache table of Client#1 ................................................................................ 8 Table 3 ARP states and corresponding behaviour ........................................................................ 11 Table 4 Configuration of the scenario1 ........................................................................................ 12 Table 5 Configuration of the scenario 2 ....................................................................................... 13 iv Table of Content | ENSC 427 FINAL PROJECT: ARP SPOOFING Glossary ARP: Address Resolution Protocol MAC: Medium Access Control IP: Internet Protocol TCP: Transmission Control Protocol LAN: Local Area Network CSMA: Carrier-Sense Multiple Access WAN: Wide Area Network DDOS: Distributed Denial of Service OSI: Open Systems Interconnection DAI: Dynamic ARP Inspection v Table of Content | ENSC 427 FINAL PROJECT: ARP SPOOFING Introduction With the development of the computer networks, plenty of services and