Abstract
Nowadays, most public facilities provide free internet access to support daily activities. These public internet facilities are open to anyone, making them prone to attacks. Communications between the host and the router can become attack targets because they may carry important data, such as credentials. Most of these public internet facilities still use Internet Protocol version 4 for their IP addressing, and attackers can exploit weaknesses in the Address Resolution Protocol (ARP). Man-in-the-Middle ARP (MitM-ARP) spoofing attacks can be launched to sniff credentials in host and router communication. We propose a comprehensive approach to solving the problem, which comprises two separate solution parts applied to the host and the router. In the host, we employ a combination of ping Round-Trip Time (RTT) anomaly detection, the SendARP function, static entry, and ping confirmation to detect and mitigate attacks. In the router, we propose combining the Dynamic Host Configuration Protocol leases as the source of the ARP entry and setting the router interface's ARP mode to "reply-only" to protect the ARP cache from attacks. Experiments and evaluations of the proposed method yield several findings. It can completely revert the diverted route between the host and the router to its legitimate route. It can return the ping RTT (approximately 12 ms with both sides unprotected, approximately 6 ms with one side unprotected) to its typical value (1 ms), just as before the attack. It can prevent credential sniffing. The most significant result is that our proposed method can comprehensively, quickly, and accurately solve the MitM-ARP spoofing problem without onerous or unusual requirements.
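The host-side sequence named in the abstract (RTT anomaly detection, a fresh ARP resolution, static entry, ping confirmation), as an added Python example that is not the paper's code. The threshold factor, window size, the trusted-MAC baseline, the function names and all sample values are assumptions constructed for illustration; only the 1 ms, 6 ms and 12 ms figures come from the abstract.

```python
from statistics import median

BASELINE_MS = 1.0   # typical gateway RTT reported in the abstract
FACTOR = 3.0        # assumption: alert when the window median exceeds 3x baseline
WINDOW = 5          # assumption: number of pings per decision window


def rtt_anomalous(rtts, baseline=BASELINE_MS, factor=FACTOR, window=WINDOW):
    """True when the median of the last `window` RTTs is well above baseline.
    Using the median keeps a single slow reply from raising an alert."""
    if len(rtts) < window:
        return False
    return median(rtts[-window:]) > baseline * factor


def normalize(mac):
    """Compare MAC addresses regardless of separator or letter case."""
    return mac.replace("-", ":").lower()


def assess(rtts, probed_mac, trusted_mac):
    """Decide the host-side action for one monitoring window.

    probed_mac  -- answer to a fresh ARP request for the gateway IP
                   (the role SendARP plays on a Windows host)
    trusted_mac -- gateway MAC recorded while the network was known good
                   (assumption: the abstract does not say how it is obtained)
    """
    if not rtt_anomalous(rtts):
        return "ok"
    if normalize(probed_mac) == normalize(trusted_mac):
        return "slow-link"         # latency rose but the ARP mapping is intact
    return "pin-static-entry"      # mapping changed: pin the trusted MAC


def confirmed(rtts_after_pin):
    """Ping confirmation: the static entry holds once RTT is back near baseline."""
    return len(rtts_after_pin) >= WINDOW and not rtt_anomalous(rtts_after_pin)


# Constructed samples shaped like the abstract's figures (1 ms, 6 ms, 12 ms).
NORMAL = [1.0, 0.9, 1.1, 1.0, 1.2]
ONE_SIDE = [1.0, 5.8, 6.1, 6.0, 6.3, 5.9]
BOTH_SIDES = [11.8, 12.1, 12.4, 11.9, 12.0]
JITTER = [1.0, 1.1, 9.5, 1.0, 0.9]
GATEWAY = "AA-BB-CC-00-00-01"   # constructed trusted gateway MAC
ROGUE = "aa:bb:cc:00:00:99"     # constructed MAC of the spoofing host
```

On a real host the "pin-static-entry" result would be followed by writing the static ARP entry with the operating system's own tooling and then feeding the next window of pings to `confirmed`.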