Controlling the effects of anomalous ARP behaviour on ethernet networks

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Controlling the effects of anomalous ARP behaviour on ethernet networks

Full text

Pdf (3.02 MB)

Source

International Conference On Emerging Networking Experiments And Technologies archive
Proceedings of the 2005 ACM conference on Emerging network experiment and technology table of contents

Toulouse, France

SESSION: Dependable and secure networks table of contents

Pages: 50 - 60

Year of Publication: 2005

ISBN:1-59593-197-X

Authors

D. Ármannsson	Reykjavík University
G. Hjálmtýsson	Reykjavík University
P. D. Smith	Lancaster University
L. Mathy	Lancaster University

Sponsor

ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 15, Downloads (12 Months): 78, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1095921.1095929 What is a DOI?

ABSTRACT

There are a large number of large-scale Ethernet-based local and metropolitan area networks in use. A significant reason for this prolific deployment is the relatively simple manner in which they can be configured and deployed. A critical service on these networks, that epitomises the simple nature of Ethernet, is the Address Resolution Protocol (ARP). This protocol is used to determine the link-layer address of a host given its network-layer identifier, and uses the intrinsic broadcast capability of Ethernet to determine these mappings. In this paper, we present an analysis of ARP behaviour on three sizable local area networks and show that due to poorly configured or malicious software (e.g. viruses) on hosts, performance issues could arise because of ARP. We also propose a scheme that can be used to manage the effect of the problems identified in our analysis.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Z. Chen, L. Gao, and K. Kwiat. Modeling the Spread of Active Worms. In IEEE INFOCOM 2003, 2003.
	2	B. Greene and D. McPherson. Sink Holes: A Swiss Army Knife ISP Security Tool. http://www.arbornetworks.com/downloads/research36/Sinkhole_Tutorial_June03.pdf.
	3	L. T. Heberleid, G. Dias, B. Mukerjeeand Levitt K, J. Wood, and D. Wolber. A Network Security Monitor. In Proceedings of the IEEE Symposium on Research in Privacy, 1990.
	4	IEEE. IEEE 802.1s Multiple Spanning Trees. http://www.ieee802.org, 2002.
	5	A. Myers, E. Ng, and H. Zhang. Rethinking the Service: Scaling Ethernet to a Million Nodes. In ACM SIGCOMM HotNets 2004, San Diego, CA, USA, November 2004.
	6	D. C. Plummer. RFC 826: Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware. http://www.ietf.org, November 1982.
	7	Martin Roesch, Snort - Lightweight Intrusion Detection for Networks, Proceedings of the 13th USENIX conference on System administration, November 07-12, 1999, Seattle, Washington
	8	S. Sharma, K. Gopalan, S. Nanda, and T. Chiueh. Viking: A Multi-Spanningtree Ethernet Architecture for Metropolitan Area and Cluster networks. In IEEE INFOCOM 2004, Hong Kong, China, March 2004.
	9	Symantec. W32.Blaster Worm. http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html.
	10	Nicholas Weaver , Vern Paxson , Stuart Staniford , Robert Cunningham, A taxonomy of computer worms, Proceedings of the 2003 ACM workshop on Rapid malcode, October 27-27, 2003, Washington, DC, USA [doi>10.1145/948187.948190]
	11	M. Zec, M. Mikuc, and M. Zagar. Estimating the Impact of Interrupts Coalescing Delays on Steady State TCP Throughput. In Proceedings of the 10th SoftCOM 2002, 2002.