ARP Cache Poisoning and Routing Loops in ad Hoc Networks

  • J. David Brown
  • Tricia J. Willink


This paper examines a new application of the well-known ARP spoofing (or ARP cache poisoning) attack. Traditionally, ARP spoofing has been applied in local area networks to allow an attacker to achieve a man-in-the-middle position against target hosts, or to implement a denial-of-service by routing messages to non-existent hardware addresses. In this paper, we introduce a variant of ARP spoofing unique to multi-hop ad hoc networks in which routing loops are created among target wireless hosts. The routing loops not only results in a denial-of-service against the targeted hosts, but creates a resource consumption attack, where the targets waste power and occupy the channel, precluding its use by legitimate traffic. The paper identifies the network topology pre-conditions under which routing loops are possible, and discusses how ARP spoof messages can be used to create routing loops of arbitrary size. We show experimental results of an implementation and provide suggestions as to how to prevent, detect, or mitigate the attack.


Denial-of-service ARP spoofing Ad hoc networks Sensor networks Routing loops Resource consumption DoS defences. 


  1. 1.
    Plummer DC (1982) An Ethernet address resolution protocol. RFC 826,
  2. 2.
    S. Cheshire (2008) IPv4 address conflict detection. RFC 5227,
  3. 3.
    Arkko J, Pignataro C (2009) IANA allocation guidelines for the address resolution protocol (ARP). RFC 5494,
  4. 4.
    Mangut HA, Al-Nemrat A, Benzaid C, and Tawil AH (2015) ARP cache poisoning mitigation and forensics investigation. Proc. of 14th IEEE International Conference on Trust, Security, Privacy in Computing and Communications, Helsinki, FinlandGoogle Scholar
  5. 5.
    Yang M, Wang Y and Ding H (2014) Design of WinPcap based ARP spoofing defense system. Proc. of 2014 Fourth International Conference on Instrumentation and Measurement, Computer, Communication and Control, Harbin, ChinaGoogle Scholar
  6. 6.
    Jinhua G, Kejian X (2013) ARP spoofing detection algorithm using ICMP protocol. Proc. of 2013 International Conference on Computer Communication and Informatics, Coimbatore, IndiaGoogle Scholar
  7. 7.
    Salim H, Z Li, Tu H, Guo Z (2012) Preventing ARP spoofing attacks through gratuitous decision packet. Proc. of 11th International Symposium on Distributed Computing and Applications to Business, Engineering and Science, Washington DC, USAGoogle Scholar
  8. 8.
    Sadhir G, Hu Y, Perrig A (2003) ARP Attacks in Wireless Ad Hoc Networks
  9. 9.
    Bruschi D, Ornaghi A, Rosti E (2003) S-ARP: A secure address resolution protocol. Proc. of the 19th Annual Computer Security Applications ConferenceGoogle Scholar
  10. 10.
    LBL Network Research Group, Information and Computing Sciences Division, at Lawrence Berkeley National Laboratory, ARP Watch, tools/142
  11. 11.
  12. 12.
    Zdrnja B (2009) Malicious JavaScript insertion through ARP poisoning attacks. IEEE Secur Priv 7:72–74CrossRefGoogle Scholar
  13. 13.
    Carter C, Yi S, Kravets R (2003) ARP considered harmful: Manycast transactions in ad hoc networks. Proc. of 2003 I.E. Wireless Communications and Networking, New Orleans LA, USAGoogle Scholar
  14. 14.
    Birmelé E et al (2013) Optimal listing of cycles and st-paths in undirected graphs. Proc. of the Twenty-Fourth Annual ACM-SIAM Symposium on Discrete Algorithms, New Orleans LA, USAGoogle Scholar
  15. 15.
    Shaffer CA (2013) A Practical Introduction to Data Structures and Algorithm Analysis, Virginia TechGoogle Scholar
  16. 16.
    Arkko J, Kempf J, Zill B, Nikander P (2005) Secure Neighbor Discovery (SEND). RFC 3971,

Copyright information

© Crown 2018

Authors and Affiliations

  1. 1.Defence Research and Development CanadaOttawaCanada

Personalised recommendations