Implementation To ARP Protection Based On NIDS Driver

In recent years, with the rapid development of computer network and personal computer, there are more and more network security incidents owing to the loopholes of various network protocols. Among this, ARP spoofing attacks is a serious issue of network security, which uses the loopholes of the ARP Protocol to spoofing and attack. It destroys the normal communications between the hosts by sending the wrong IP/MAC addresses. There are lots of measures to prevent ARP spoofing attacks. But the measures have some constraints, which can't solve the ARP spoofing attacks'problem. The thesis does some research on this problem and proposes an effective measure to prevent ARP spoofing attacks using NDIS intermediate layer drive.The thesis firstly introduces the domestic and international research on the status of ARP deception, analyzes the ARP protocol and its working principle and represents the loopholes of the ARP protocol. Secondly, the thesis introduces the existing methods against ARP spoofing attack, analyses their features in defensing and detecting ARP spoofing attack. Then it elaborates the procedure of ARP spoofing attack and finds the defects of the present solutions. The key issue relies on the criterion and safety problems on the receiving and detecting of the data packets. As the result of this, the thesis proposes the prevention measure of protecting ARP spoofing attack:It uses NDIS to catch the flowed data packets, transmits the data to the duplicated data module, and then takes out the data packets from the module and compare it to the filter regular of the NDIS intermediate layer, which decides whether it should be filtered or not. The execution procedure of the NDIS intermediate layer is controlled by the users, the users' program realizes the communication with the NDIS intermediate layer driver, controlling the start and finish of the drive program and filtering the data packets by the transfer of the fuctions.Finally, the thesis does ARP packet filter test of the drive and the user program. The result shows that the system can prevent ARP spoofing attack efficiently and has few effects on the equipment. Considering the cost, the feasibility and the efficiency, it can prevent ARP spoofing attack better.