SYSTEM AND METHOD FOR ARP ANTI-SPOOFING SECURITY
Abstract
A system and method that provides for copying ARP replies and generating data packets which include the ARP reply and other information, such as an identification of the port on which the ARP reply was received. These data packets are then transmitted to an ARP collector, which stores the ARP reply and port information. The ARP collector then uses this stored information, analyzing future data packets relative to it to detect occurrences of ARP spoofing. The ARP collector further provides for generating alerts and taking security actions when ARP reply spoofing is detected.
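The collector flow described in the abstract, as an added Python sketch that is not taken from the patent. The record shape (subnet, ingress port, raw ARP payload), the names `ArpCollector`, `parse_arp` and `build_reply`, and the rule that the first MAC and port seen for an IP address becomes the baseline are all assumptions; the page does not specify how the stored information is compared.

```python
import struct
from ipaddress import IPv4Address

ARP_REPLY = 2  # ARP opcode for a reply

def parse_arp(raw):
    """Return (opcode, sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload."""
    if len(raw) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa = struct.unpack("!HHBBH6s4s", raw[:18])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return oper, sha.hex(":"), str(IPv4Address(spa))

class ArpCollector:
    """Assumed rule: the first (MAC, port) seen for an IP is the baseline."""
    def __init__(self):
        self.db = {}      # (subnet, sender IP) -> (sender MAC, ingress port)
        self.alerts = []

    def receive(self, subnet, port, raw_arp):
        """Store or check one forwarded ARP reply; return an alert dict or None."""
        oper, mac, ip = parse_arp(raw_arp)
        if oper != ARP_REPLY:
            return None
        known = self.db.setdefault((subnet, ip), (mac, port))
        if known == (mac, port):
            return None
        alert = {"subnet": subnet, "ip": ip, "expected": known, "seen": (mac, port)}
        self.alerts.append(alert)
        return alert

def build_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Constructed sample ARP reply payload (test data, not captured traffic)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REPLY,
                       mac(sender_mac), IPv4Address(sender_ip).packed,
                       mac(target_mac), IPv4Address(target_ip).packed)

def demo():
    c = ArpCollector()
    gw = build_reply("00:11:22:33:44:55", "10.0.1.1", "00:aa:bb:cc:dd:01", "10.0.1.20")
    other = build_reply("00:11:22:33:44:66", "10.0.2.1", "00:aa:bb:cc:dd:02", "10.0.2.30")
    fake = build_reply("00:de:ad:be:ef:00", "10.0.1.1", "00:aa:bb:cc:dd:01", "10.0.1.20")
    return [c.receive("subnet-1", 1, gw), c.receive("subnet-2", 7, other),
            c.receive("subnet-1", 1, gw), c.receive("subnet-1", 12, fake)]
```

In `demo()`, the first three replies only populate or match the database; the fourth claims the same IP address from a different MAC on a different port and yields an alert.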
33 Claims
1-8. (canceled)
9. In an ARP collector, a method for detecting ARP spoofing, the method comprising:
receiving ARP packets from a first subnet of a computer network;
receiving ARP packets from a second subnet of the computer network;
storing information from the ARP packets from the first subnet in a database of the ARP collector;
storing information from the ARP packets from the second subnet in the database of the ARP collector; and
analyzing received ARP packets and information in the ARP collector database to determine when a spoofed ARP reply has been received on a port of the computer network.
Dependent claims: 10, 11, 12, 13, 14.
15-19. (canceled)
20. A method comprising:
receiving, at a network device, a first data packet from a first subnet of a computer network;
receiving, at the network device, a second data packet from a second subnet of the computer network;
comparing, by the network device, information included in the first and second data packets with information stored in a database accessible to the network device to determine whether ARP spoofing has occurred.
Dependent claims: 21, 22, 23, 24, 25, 26.
27. A system comprising:
a database;
one or more ports; and
a processing component configured to:
receive a first data packet from a first subnet of a computer network;
receive a second data packet from a second subnet of the computer network; and
compare information included in the first and second data packets with information stored in the database to determine whether ARP spoofing has occurred.
Dependent claims: 28, 29, 30, 31, 32, 33.
Specification