ARP and ICMP Weaknesses: Impact and Network Performance Analysis of a Novel Attack Strategy

A. Anand, R. Rishi, and M. Kumar (India)


Network Security, ARP & ICMP Protocols, Performance Analysis


After the ARP and IP were drafted, a subtle weakness in the Address Resolution Protocol was discovered. Unlike TCP, ARP relies on raw sockets and like UDP; ARP provides no means to establish the authenticity of the source of incoming packets. Although this problem can be resolved in case of UDP packets by considering alternate approaches such as DNS replies being sent over TCP rather than UDP using the DNSSEC architecture so that false DNS replies may not be accepted by a host; ARP is still prone to similar attacks. This paper identifies known weaknesses of the ARP and analyses the impact of a network flooding utility developed by us, the underlying ideology of which is this very weakness of the ARP. The purpose of our implementation is to extend what conventional tools can do, by incorporating a network flooding module in it, and to simulate a flooded network where hosts are forced to broadcast outgoing packets to the entire network. In some network conditions, the gateway may also be brought into broadcast mode, leading to undesired results. Various attack strategies are considered and the network performance during these attacks is measured. We also reveal a strategy by which ICMP replies are received by a host trying to PING a destination, but the host fails to recognize these replies. Such a weakness in the ICMP can lead to erroneous network management.

Important Links:

Go Back