Abstract
This paper examines a new application of the well-known ARP spoofing (or ARP cache poisoning) attack. Traditionally, ARP spoofing has been applied in local area networks to allow an attacker to achieve a man-in-the-middle position against target hosts, or to implement a denial-of-service by routing messages to non-existent hardware addresses. In this paper, we introduce a variant of ARP spoofing unique to multi-hop ad hoc networks in which routing loops are created among target wireless hosts. The routing loops not only results in a denial-of-service against the targeted hosts, but creates a resource consumption attack, where the targets waste power and occupy the channel, precluding its use by legitimate traffic. The paper identifies the network topology pre-conditions under which routing loops are possible, and discusses how ARP spoof messages can be used to create routing loops of arbitrary size. We show experimental results of an implementation and provide suggestions as to how to prevent, detect, or mitigate the attack.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Plummer DC (1982) An Ethernet address resolution protocol. RFC 826, http://tools.ietf.org/html/rfc826
S. Cheshire (2008) IPv4 address conflict detection. RFC 5227, http://tools.ietf.org/html/rfc5227
Arkko J, Pignataro C (2009) IANA allocation guidelines for the address resolution protocol (ARP). RFC 5494, http://tools.ietf.org/hml/rfc5494
Mangut HA, Al-Nemrat A, Benzaid C, and Tawil AH (2015) ARP cache poisoning mitigation and forensics investigation. Proc. of 14th IEEE International Conference on Trust, Security, Privacy in Computing and Communications, Helsinki, Finland
Yang M, Wang Y and Ding H (2014) Design of WinPcap based ARP spoofing defense system. Proc. of 2014 Fourth International Conference on Instrumentation and Measurement, Computer, Communication and Control, Harbin, China
Jinhua G, Kejian X (2013) ARP spoofing detection algorithm using ICMP protocol. Proc. of 2013 International Conference on Computer Communication and Informatics, Coimbatore, India
Salim H, Z Li, Tu H, Guo Z (2012) Preventing ARP spoofing attacks through gratuitous decision packet. Proc. of 11th International Symposium on Distributed Computing and Applications to Business, Engineering and Science, Washington DC, USA
Sadhir G, Hu Y, Perrig A (2003) ARP Attacks in Wireless Ad Hoc Networks http://dl.icdst.org/pdfs/files/0d65ca5916c99a18d087bad19f6d1d0d.pdf
Bruschi D, Ornaghi A, Rosti E (2003) S-ARP: A secure address resolution protocol. Proc. of the 19th Annual Computer Security Applications Conference
LBL Network Research Group, Information and Computing Sciences Division, at Lawrence Berkeley National Laboratory, ARP Watch, http://www.securityfocus.com/ tools/142
ISL, ARP-Guard, https://www.arp-guard.com/en/arp-guard/product.html
Zdrnja B (2009) Malicious JavaScript insertion through ARP poisoning attacks. IEEE Secur Priv 7:72–74
Carter C, Yi S, Kravets R (2003) ARP considered harmful: Manycast transactions in ad hoc networks. Proc. of 2003 I.E. Wireless Communications and Networking, New Orleans LA, USA
Birmelé E et al (2013) Optimal listing of cycles and st-paths in undirected graphs. Proc. of the Twenty-Fourth Annual ACM-SIAM Symposium on Discrete Algorithms, New Orleans LA, USA
Shaffer CA (2013) A Practical Introduction to Data Structures and Algorithm Analysis, Virginia Tech
Arkko J, Kempf J, Zill B, Nikander P (2005) Secure Neighbor Discovery (SEND). RFC 3971, https://tools.ietf.org/html/rfc3971
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Brown, J., Willink, T.J. ARP Cache Poisoning and Routing Loops in ad Hoc Networks. Mobile Netw Appl 23, 1306–1317 (2018). https://doi.org/10.1007/s11036-018-1039-6
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11036-018-1039-6