COMPUTER SCIENCE
and ENGINEERING

The stateless characteristic of Address Resolution Protocol (ARP) makes it vulnerable to many ARP cache poisoning attacks like MITM (Man in The Middle) attack, most of which generally aim at the gateway. To solve this problem, there have been solutions like using static ARP entries, or using WinPcap libraries or SNMP to detect and rectify poisoned ARP cache. However, the solutions above need manual operation, which is less feasible when the network is large. In this paper, we propose a respondent solution. After a detection of ARP spoof in the gateway, the trusted server will isolate the attacker and then tell all hosts in the network the real IP-to-MAC mappings of the gateway based on the up-to-date information from its storage, thereby automatically rectifying poisoned ARP cache.

ARP cache poisoning, MITM, Network security.