ArpON

From Wikipedia, the free encyclopedia
Jump to: navigation, search
ArpON - ARP handler inspection
ArpON logo.png
Original author(s) Andrea Di Pasquale "spikey"
Initial release July 5, 2008
Stable release 2.7.2 / October 16, 2014; 2 months ago (2014-10-16)
Development status Active
Written in C
Operating system Linux, Mac OS X, FreeBSD, NetBSD, OpenBSD, DragonFly BSD, PC-BSD, Solaris, Other
Platform UNIX-like, POSIX
Available in English
Type Network security
License BSD
Website http://arpon.sourceforge.net/

ArpON (ARP handler inspection) is a computer software project to improve network security.

Motivation[edit]

The Address Resolution Protocol (ARP) has security issues. These include the Man In The Middle (MITM) attack through ARP Spoofing, ARP Cache Poisoning or ARP Poison Routing (APR) attacks. ArpON also blocks derived attacks including Sniffing, Hijacking, Injection, Filtering attacks and complex derived attacks, as: DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking attacks.

This is possible using three kinds of anti ARP Spoofing techniques. ArpON requires a daemon in every host to be authenticated. It does not modify the classic ARP standard base protocol defined by IETF, but rather sets precise policies for static networks, dynamic networks and hybrid networks.

ArpON does not use a centralized server or encryption. It uses a cooperative authentication between the hosts based on the policies that all hosts with ArpON must respect. These policies allow exactly total protection by these attacks for all hosts that use ArpON.

Features[edit]

Some of ArpON's features are:

Algorithms[edit]

ArpON detects and blocks Man In The Middle (MITM) attack through ARP Spoofing, ARP Cache Poisoning, ARP Poison Routing (APR) attacks and it is countermeasure against these attacks and the derived attacks by it, which Sniffing, Hijacking, Injection, Filtering & co attacks for more complex derived attacks, as: DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking attacks.

  • SARPI (Static ARP Inspection) manages a list with static entries, for statically configured networks without DHCP.
  • DARPI (Dynamic ARP Inspection) manages uniquely a list with dynamic entries so can be used in dynamically configured networks having DHCP.
  • HARPI (Hybrid ARP Inspecion) manages both kinds of lists simultaneously.

External links[edit]