Problem Statement

Create your own stateless firewall which detect ARP spoofing in private network

ARP is the method by which your computers communicate with the router or gateway and, as a result, link to the internet. When an IP packet is transmitted between hosts on a local network, the mapping table, often known as an ARP cache, is accessed. It’s essentially a cross-reference between MAC addresses and IP addresses that allows users to link to various network destinations.

PS Number: PSCBS009

Domain Bucket: Cyber Security
Category: Software
Dataset : NA

The hacker tells the gateway that the IP address of the chosen victim should now be linked to their MAC address. The inverse also occurs, where the MAC address of the target is linked to the IP address of the assailant. The default gateway then transmits the updated IP/MAC relationships to the other network nodes after caching them.

Background of the Problem

To reroute connections to their device, an attacker performing an ARP cache poisoning attack tries to inject bogus information into local area network traffic. If the attacker is successful, subsequent connections to a particular IP address will go through a device under the control of the attacker since the connection initiator will use the bogus information it finds in the cache to connect.

Objective

The hacker instructs the gateway that their MAC address should now be connected to the IP address of the intended victim. The opposite also happens, with the IP address of the attacker being associated with the MAC address of the target. The new IP/MAC relationships are then sent to the other network nodes by the default gateway, who caches them. This indicates that the attacker’s system will receive all following communications rather than the intended recipient. 

Summary

Address Resolution Protocol (ARP) is a stateless mechanism called to translate IP addresses into machine MAC addresses. To determine the MAC addresses of other machines, all network devices that require network communication broadcast ARP queries throughout the system.