An Intelligent Approach of Sniffer Detection

An Intelligent Approach of Sniffer Detection

Abdul Nasir Khan, Kalim Qureshi, and Sumair Khan
Department of Computer Science, COMSATS Abbottabad, Pakistan

 
Abstract: ARP cache poisoning and putting host Network Interface Card (NIC) in promiscuous mode are ways of sniffer attacks. ARP cache poisoning attack is effective in an environment which is not broadcast in nature (like switch LAN environment) and other attack is effective in an environment which is broadcast in nature (like hub, bus, access point LAN environments). Sniffing is malicious activity performed by network user and because of this network security is at risk so detection of sniffer is essential task to maintain network security. Sniffer detection techniques can be divided into two main categories. First category’s techniques are used to detect a sniffer host that runs it’s NIC into promiscuous mode and second category’s techniques are used to detect a sniffer host that uses ARP cache poisoning for sniffing. The network configuration is hidden form users. Network users do not have any information about nature of network. Therefore, users of network may invoke such sniffer detection technique that is not effective in that environment. This may result in sharing of his private and confidential information with malicious users. In this paper we designed an intelligent invocation module that checks the nature of environment automatically and invokes appropriate sniffer detection technique for that environment. With the help of this invocation module it is possible to detect passive as well as active sniffer hosts in both environments.

Keywords: Network security, sniffer, ARP cache poisoning, and IP packet routing.

Received January 7, 2009; accepted March 9, 2009

Read 3265 times Last modified on Thursday, 27 October 2011 05:39
Share
Top
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…