ABSTRACT

Abnormal ARP (Address Resolution Protocol) packets are usually injected into a network to corrupt the ARP caches of target hosts. An ARP poisoning attack, described in Chapter 2, is an example of attacks that use abnormal ARP packets to eavesdrop and manipulate data flowing through a LAN (Local Area Network). Abnormal ARP packet based attacks are of special interest because they are highly intentional and are usually initiated, maintained, and controlled by humans. These attacks can be performed by novices, using widely available and easy-to-use tools specially designed for this purpose. More skillful users with malicious intent can use packet generators to build abnormal ARP packets to execute the attacks. Due to the high relevance of this problem, several security solutions, ranging from high-cost LAN switches, Intrusion Detection and Prevention (IDS/IPS) hardware appliances and software tools,

to Unified Threat Management (UTM*) appliances, integrate mechanisms to cope with abnormal ARP traffic.