An Effective Prevention Approach against ARP Cache Poisoning Attacks in MikroTik-based Networks
Article Sidebar
Main Article Content
Abstract
Nowadays, leading manufacturers of enterprise-grade networking devices offer the dynamic ARP inspection (DAI) feature in their Ethernet Switches to detect and prevent ARP cache poisoning attacks from malicious hosts. However, MikroTik Ethernet switches do not yet support this feature. Within MikroTik-based networks, three potential approaches exist to prevent ARP cache poisoning attacks, each with drawbacks. This paper proposes an innovative approach called Gateway-controlled ARP (GCA) to prevent ARP cache poisoning attacks on a router-on-a-stick (RoaS) network using MikroTik networking devices, where a single router performs inter-VLAN routing through one physical interface. With this approach, all Ethernet switches are configured to forward ARP messages from hosts directly to the router for inspection and handling. A RouterOS script based on the GCA approach was implemented and executed on the router to handle all incoming ARP requests from any host in all VLANs, ensuring all hosts receive legitimate ARP responses from the router. This approach can effectively prevent spoofed ARP packets sent by malicious attackers. This approach was tested and evaluated on an actual RoaS network, focusing on processing time, CPU Load, and response time. The evaluation results show that the approach effectively prevents ARP cache poisoning attacks.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
References
A. Petrosyan, “Worldwide digital population 2024,” Statista, Technical Report, Jan. 31, 2024, Accessed: Mar. 18, 2024, [Online.] Available: https://www. statista.com/statistics/617136/digital-population-worldwide
B. Alotaibi and H. Almagwashi, “A Review of BYOD Security Challenges, Solutions and Policy Best Practices,” Proceedings of the 2018 1st International Conference on Computer Applications & Information Security (ICCAIS), pp. 1-6, Saudi Arabia, 2018.
G. A. Safdar and A. Mansour, “Security and Trust Issues in BYOD Networks,” IT Professional, Vol. 25, No. 4, pp. 45-51, July-Aug. 2023.
M. Sharma and S. Ravichandra, “Design and implementation of a mechanism to identify and defend against ARP spoofing,” Proceedings of the 2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT), pp. 1-6, Delhi, India, 2023.
C. G. Weissman, “Here’s why equifax yanked its apps from apple and google last week”, Sep. 2017.
M. Conti, N. Dragoni and V. Lesyk, “A Survey of Man in The Middle Attacks,” IEEE Communications Surveys & Tutorials, Vol. 18, No. 3, pp. 2027-2051, 2016
M. Nobakht, H. Mahmoudi and O. Rahimzadeh, “A Distributed Security Approach against ARP Cache Poisoning Attack,” Proceedings of the 1st Workshop on Cybersecurity and Social Sciences (CySSS), pp. 27-32, Japan, May 30, 2022.
S. Hijazi and M. S. Obaidat, “A New Detection and Prevention System for ARP Attacks Using Static Entry,” IEEE Systems Journal, Vol. 13, No. 3, pp. 2732-2738, Sep. 2019.
J. S. Meghana, T. Subashri and K. R. Vimal, “A survey on ARP cache poisoning and techniques for detection and mitigation,” Proceedings of the 2017 Fourth International Conference on Signal Processing, Communication and Networking (ICSCN), pp. 1-6, Chennai, India, 2017.
H. A. S. Adjei, M. T. Shunhua, G. K. Agordzo, Y. Li, G. Peprah and E. S. A. Gyarteng, “SSL Stripping Technique (DHCP Snooping and ARP Spoofing Inspection),” Proceedings of the 2021 23rd International Conference on Advanced Communication Technology (ICACT), pp. 187-193, PyeongChang, Korea (South), 2021.
W. J. Tay, S. L. Lew and S. Y. Ooi, “Remote Access VPN using MikroTik Router,” Proceedings of the 2022 International Conference on Computer and Drone Applications (IConDA), pp. 119-124, Kuching, Malaysia, 2022.
J. M. Ceron, C. Scholten, A. Pras and J. Santanna, “MikroTik Devices Landscape, Realistic Honeypots, and Automated Attack Classification,” Proceedings of the NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, Budapest, Hungary, pp. 1-9, 2020.
D. C. Puchianu, N. Angelescu, G. Predusca, D. Circiumarescu and E. Diaconu, “Comparative study of power consumption on Mikrotik and Fortigate routers,” Proceedings of the 2020 12th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), Bucharest, Romania, 2020, pp. 1-4
S. M. Morsy and D. Nashat, “D-ARP: An Efficient Scheme to Detect and Prevent ARP Spoofing,” IEEE Access, Vol. 10, pp. 49142-49153, 2022.
S. Singh and D. Singh, “ARP Poisoning Detection and Prevention Mechanism using Voting and ICMP Packets,” Indian Journal of Science and Technology, Vol. 11, No. 22, pp. 1-9, June 2018.
G. Jinhua and X. Kejian, “ARP spoofing detection algorithm using ICMP protocol,” Proceedings of the 2013 International Conference on Computer Communication and Informatics, Coimbatore, India, 2013, pp. 1-6
G. Kaur and J. Malhotra, “Comparative Investigation of ARP Poisoning Mitigation Techniques Using Standard Testbed for Wireless Networks,” Journal of Cyber Security and Mobility, Vol. 4, No. 2-3, pp. 53-64, Nov. 2015.
J. Singh, S. Dhariwal and R. Kumar, “A Detailed Survey of ARP Poisoning Detection and Mitigation Techniques,” International Journal of Control Theory and Applications (IJCTA), Vol. 9, No. 41, pp. 131-137, 2016
R. K. Bijral and A. Gupta, “Study of Vulnerabilities of ARP Spoofing and its detection using SNORT,” International Journal of Advanced Research in Computer Science, Vol.8, No.5, May – June 2017.
D. Bruschi, A. Ornaghi and E. Rosti, “S-ARP: a secure address resolution protocol,” Proceedings of the 19th Annual Computer Security Applications Conference, pp. 66-74, Las Vegas, NV, USA, 2003.
O. S. Younes, ‘‘Securing ARP and DHCP for mitigating link layer attacks,’’ Sadhana, Vol. 42, No. 12, pp. 2041–2053, Dec. 2017.
V. Prevelakis and W. Adi, “LS-ARP: A lightweight and secure ARP,” Proceedings of the 2017 Seventh International Conference on Emerging Security Technologies (EST), pp. 204-208, Canterbury, UK, 2017.
R. Kaur, E. G. Singh and S. Khurana, “A security approach to prevent ARP poisoning and defensive tools,” International Journal of Computer and Communication System Engineering (IJCCSE), Vol. 2, No. 3, pp. 431-437, Jun. 2015.
D. Majumdar and R. R. Chintala, “Shadow APR-ing for APR Poisoning Detection,” Proceedings of the 9th International Conference on Advanced Computing and Communication Systems (ICACCS), pp. 128-131, Coimbatore, India, 2023.
A. M. Abdel Salam, W. S. Elkilani and K. M. Amin, “An automated approach for preventing ARP spoofing attack using static ARP entries,” International Journal of Advance Computer Science and Applications (IJACSA), Vol. 5, No. 1, 2014.
M. Data, “The Defense Against ARP Spoofing Attack Using Semi-Static ARP Cache Table,” Proceedings of the 2018 International Conference on Sustainable Information Engineering and Technology (SIET), pp. 206-210, Malang, Indonesia, 2018.
L. Allen, T. Heriyanto and S. Ali, Kali Linux – Assuring Security by Penetration Testing, Packt Publishing, 2014.
N. Tripathi and B. M. Mehtre, “An ICMP based secondary cache approach for the detection and prevention of ARP poisoning,” Proceedings of the 2013 IEEE International Conference on Computational Intelligence and Computing Research, pp. 1-6, Enathi, India, 2013.
S. Kumar and S. Tapaswi, “A centralized detection and prevention technique against ARP poisoning,” Proceedings of the 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), pp. 259-264, Malaysia, 2012.
D. R. Rupal, D. Satasiya, H. Kumar and A. Agrawal, “Detection and prevention of ARP poisoning in dynamic IP configuration,” Proceedings of the 2016 IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT), pp. 1240-1244, Bangalore, India, 2016.
S. Y. Nam, D. Kim and J. Kim, “Enhanced ARP: preventing ARP poisoning-based man-in-the-middle attacks,” IEEE Communications Letters, Vol. 14, No. 2, pp. 187-189, February 2010.
Y. Zhao, R. Guo and P. Lv, “ARP Spoofing Analysis and Prevention,” Proceedings of the 2020 5th International Conference on Smart Grid and Electrical Automation (ICSGEA), pp. 572-575, China, 2020.
P. Arote and K. V. Arya, “Detection and Prevention against ARP Poisoning Attack Using Modified ICMP and Voting,” Proceedings of the 2015 International Conference on Computational Intelligence and Networks, pp. 136-141, Odisha, India, 2015.
T. Alharbi, D. Durando, F. Pakzad and M. Portmann, “Securing ARP in Software Defined Networks,” Proceedings of the 2016 IEEE 41st Conference on Local Computer Networks (LCN), pp. 523-526, Dubai, United Arab Emirates, 2016.
H. Y. Ibrahim, P. M. Ismael, A. A. Albabawat and A. B. Al-Khalil, “A Secure Mechanism to Prevent ARP Spoofing
and ARP Broadcasting in SDN,” 2020 Proceedings of the International Conference on Computer Science and Software Engineering (CSASE), pp. 13-19, Duhok, Iraq, 2020.
H. Cho, S. Kang and Y. Lee, “Centralized ARP proxy server over SDN controller to cut down ARP broadcast in large-scale data center networks,” Proceedings of the 2015 International Conference on Information Networking (ICOIN), pp. 301-306, Cambodia, 2015.
M. Ren, Y. Tian, S. Kong, D. Zhou and D. Li, “A detection algorithm for ARP man-in-the-middle attack based on data packet forwarding behavior characteristics,” Proceedings of the 2020 IEEE 5th Information Technology and Mechatronics Engineering Conference (ITOEC), pp. 1599-1604, Chongqing, China, 2020.
“Bridging and switching,” RouterOS – MikroTik Documentation, Accessed: Mar. 18, 2024, [Online.] Available: https://help.mikrotik.com/docs/display/ROS/Bridging and Switching.
“MikroTik hAP ac² - Dual-concurrent Access Point,” Accessed: Mar. 18, 2024, [Online.] Available: https://mikrotik.com/product/hap_ac2
“MikroTik CCR1009-7G-1C-1S+ Cloud Core Router,” Accessed: Mar. 18, 2024, [Online.] Available: https://mikrotik.com/product/CCR1009-7G-1C-1Splus
S. Srivastava, S. Anmulwar, A. M. Sapkal, T. Batra, A. K. Gupta and V. Kumar, “Comparative study of various traffic generator tools,” Proceedings of the 2014 Recent Advances in Engineering and Computational Sciences, pp. 1-6, India, 2014.