Even today, internet users’ data security remains a significant concern. One problem is ARP poisoning, otherwise referred to as ARP spoofing. Such attacks are intended to exploit the identified ARP protocol vulnerability. Despite no straightforward remedy for ARP spoofing being apparent, certain actions may be taken to maintain one’s safety. The most basic and common defence against a poisoning attack is manually adding MAC and IP addresses to the static ARP cache table. However, this solution is ineffective for large networks where static entries require considerable time and effort to maintain, whether by human input or via special tools and settings for the static entries of network devices. Accordingly, this paper aimed to monitor network packet information and detect the behaviour of ARP poison attacks on operating systems, for instance Windows and Linux. The discovery and defence policy systematically and periodically check the MAC addresses in the ARP table, enabling alerts to be issued if a duplicate entry is detected. This enables the poison-IP address to be blocked before a reply is sent. Finally, the results showed that the superiority was successfully achieved in the detection, prevention and reporting mechanisms in the real-world environment.

ARP poisoning; ARP spoofing; MITM; MITM sniffing; Network security