SYSTEM AND METHOD FOR ARP ANTI-SPOOFING SECURITY
Abstract
A system and method that provides for copying ARP replies and generating data packets which include the ARP reply and other information, such as an identification of the port on which the ARP reply was received. These data packets are then transmitted to an ARP collector, which stores the ARP reply and port information. The ARP collector then uses this stored information, analyzing future data packets relative to it, to detect occurrences of ARP spoofing. The ARP collector further provides for generating alerts and taking security actions when ARP reply spoofing is detected.
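The collector side of the abstract, as an added example that is not taken from the patent: it stores the first ARP reply and port seen for each IP address and raises an alert when a later report disagrees. The `ArpReport` fields, the two comparison rules (`mac-change`, `port-move`) and the sample reports are assumptions made for illustration; the abstract does not specify how stored and new information are compared.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpReport:
    """What a switch forwards to the collector: ARP reply fields plus ingress port."""
    device: str      # reporting network device (hypothetical name)
    port: str        # port the ARP reply was received on
    sender_ip: str   # ARP sender protocol address
    sender_mac: str  # ARP sender hardware address

class ArpCollector:
    def __init__(self):
        self.bindings = {}  # sender_ip -> (mac, device, port) as first recorded
        self.alerts = []

    def ingest(self, report):
        """Store a new binding, or compare against the stored one; return an alert or None."""
        seen = (report.sender_mac.lower(), report.device, report.port)
        known = self.bindings.setdefault(report.sender_ip, seen)
        if known == seen:
            return None
        # Assumed rules: a different MAC for a known IP, or the same MAC on a new port.
        # Legitimate re-addressing also trips these, so the stored binding is left
        # unchanged until someone reviews the alert.
        kind = "mac-change" if known[0] != seen[0] else "port-move"
        alert = {"kind": kind, "ip": report.sender_ip, "stored": known, "seen": seen}
        self.alerts.append(alert)
        return alert

# Constructed sample reports (documentation address ranges, not real traffic).
SAMPLE = [
    ArpReport("sw1", "1/1", "192.0.2.1", "00:00:5E:00:53:01"),   # gateway, first seen
    ArpReport("sw1", "1/5", "192.0.2.10", "00:00:5e:00:53:0a"),  # host, first seen
    ArpReport("sw1", "1/1", "192.0.2.1", "00:00:5e:00:53:01"),   # consistent repeat
    ArpReport("sw1", "1/5", "192.0.2.1", "00:00:5e:00:53:0a"),   # host claims gateway IP
    ArpReport("sw1", "1/7", "192.0.2.10", "00:00:5e:00:53:0a"),  # host seen on new port
]

def run_sample():
    collector = ArpCollector()
    return [a for a in map(collector.ingest, SAMPLE) if a is not None]

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```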
37 Claims
1-19. (canceled)
20. A network device comprising:
a plurality of ports for transmitting and receiving packets, wherein the network device is configured to:
determine whether Address Resolution Protocol (ARP) spoof protection is activated for a port in the plurality of ports that an ARP reply packet is received on;
if ARP spoof protection is activated for the port, determining whether an ARP collector is defined, the ARP collector representing an entity configured to analyze ARP reply information to determine whether ARP spoofing has occurred; and
if an ARP collector is defined, transmitting data included in the ARP reply packet to the ARP collector.
(Dependent claims: 21, 22, 23, 24, 25)
26. A method comprising:
determining, by a network device, whether Address Resolution Protocol (ARP) spoof protection is activated for a port of the network device that an ARP reply packet is received on;
if ARP spoof protection is activated for the port, determining, by the network device, whether an ARP collector is defined, the ARP collector representing an entity configured to analyze ARP reply information to determine whether ARP spoofing has occurred; and
if an ARP collector is defined, transmitting, by the network device, data included in the ARP reply packet to the ARP collector.
(Dependent claims: 27, 28, 29, 30, 31)
32. A system comprising:
a database for storing Address Resolution Protocol (ARP) reply information;
an interface for receiving packets; and
a processing component configured to:
determine whether a received packet is authentic;
if the received packet is determined to be not authentic, drop the received packet; and
if the received packet is determined to be authentic, determine, based on ARP reply information included in the received packet and ARP reply information stored in the database, whether ARP spoofing has occurred.
(Dependent claims: 33, 34, 35, 36, 37)
Specification