Method and device for detecting gateway ARP cheating

Abstract

The invention discloses a method and a device for detecting gateway ARP cheating. The method comprises steps of: after receiving a message, determining the type of the message; if message is a DHCP response message, acquiring a first WLAN identifier and an IP address of a gateway carried in the DHCP response message, and updating a gateway ARP cheating mapping table according to the first WLAN identifier and the IP address of the gateway; if the message is the ARP response message, acquiring a source IP address of the ARP response message and a carried second WLAN identifier, and searching the second WLAN identifier in the gateway ARP cheating mapping table; and if the second WLAN identifier is searched and the IP address of the gateway corresponding to the second WLAN is the same as the source IP address, determining that the gateway ARP cheating is detected. According to the invention, automatic detection of the gateway ARP cheating can be achieved.

Description

technical field [0001] The invention relates to the technical field of communications, in particular to a method and device for detecting gateway Address Resolution Protocol (Address Resolution Protocol, ARP) spoofing. Background technique [0002] With the large-scale deployment and implementation of the Wireless Local Area Networks (WLAN) of the Institute of Electrical and Electronics Engineers (Institute of Electrical and Electronics Engineers, IEEE) 802.11 protocol, and the rapid development of the mobile Internet, nowadays airports, universities, shopping malls Places with dense traffic, such as hotels, supermarkets, etc., can all access WLAN. Considering the easy-to-deploy feature of the WLAN, a Dynamic Host Configuration Protocol (Dynamic Host Configuration Protocol, DHCP) is used in the WLAN to manage the addresses of the wireless terminals. Due to the wide coverage of WLAN and the free access of wireless terminals, criminals often use different attack methods, such...

AI Technical Summary

Problems solved by technology

The principle is, assuming that the wireless terminals A and B are in the same WLAN and communicate with the access point (Access Point, AP), the wireless terminal A broadcasts an ARP request message to request the medium access control (Medium Access Control, MAC) address of the gateway , in addition to the AP, the wireless terminal B will also receive the ARP request message, and at the same time, the wireless terminal B can send an ARP response message. If the wireless terminal B has obtained the IP address of the gateway, the source of the ARP response message ( Internet Protocol, IP) address is filled with the IP address of the gateway, and the source MAC address is filled with its own MAC address. After receiving the ARP response message, wireless terminal A will regard wireless terminal B as the gateway, and wireless terminal A will send The packet destined for the gateway is sent to wireless terminal B, thus causing ARP spoofing of the gateway

At present, there is no effective method for detecting gateway ARP spoofing in WLAN

Images