Computer Network & Security
Lab 2 (Team 147 Hackers)
Team Members:
Mahmoud Khaled 46-1029
Laila Hegazy 49-0546
Rawan Mostafa 49-5776
1- Environment Setup
�2- ARP Exploration
3- ARP Poisoning (Before & After Attack)
Before
After
2
�4- Mitigation
1. Static ARP Entries: Configure static ARP entries on critical network devices. By
manually specifying the MAC address associated with each IP address in the
ARP cache, you prevent attackers from poisoning the ARP cache with falsified
mappings. However, this approach can be administratively intensive and may not
be practical in large networks.
2. ARP Spoofing Detection Tools: Implement ARP spoofing detection tools or
intrusion detection systems (IDS) that monitor ARP traffic and detect unusual or
unauthorized ARP activity. These tools can identify discrepancies between the
MAC-to-IP address mappings in ARP packets and those in the ARP cache,
alerting network administrators to potential ARP spoofing attacks.
3. ARP Cache Poisoning Prevention: Configure network devices and operating
systems to mitigate ARP cache poisoning. This may involve implementing
techniques such as ARP cache timeout mechanisms, which periodically flush
outdated entries from the ARP cache to reduce the window of opportunity for
attackers to exploit ARP spoofing.
4. Port Security: Utilize port security features on network switches to restrict the
number of MAC addresses allowed to communicate through each switch port. By
binding specific MAC addresses to switch ports, you can prevent unauthorized
devices from sending ARP packets and participating in ARP poisoning attacks.
5. Network Segmentation: Segment your network into smaller, isolated subnets
using VLANs (Virtual Local Area Networks) or network segmentation techniques.
By limiting the scope of ARP traffic within each subnet, you can contain the
impact of ARP poisoning attacks and reduce the likelihood of successful MitM
attacks across the entire network.
6. Monitoring and Logging: Regularly monitor network traffic and log ARP-related
events to identify potential signs of ARP poisoning or other malicious activities.
Analyzing network logs can help detect and mitigate ARP spoofing attacks in a
timely manner, allowing for proactive response measures to be taken.
