SYSTEMS AND METHODS FOR DETERMINING AND PREVENTING ADDRESS RESOLUTION PROTOCOL (ARP) SPOOFING AND ARP CACHE POISONING ATTACKS IN NETWORK DEVICES

摘要

A system and method is provided. The system receives one or more Link Layer Discovery Protocol (LLDP) frames exchanged across one or more neighboring hosts and one or more connected network devices, caches entries from the one or more LLDP frames in a LLDP cache to obtain a set of cached entries, receives an incoming Address Resolution Protocol (ARP) frame, extracts entries from the incoming ARP frame to obtain a set of extracted entries, performs a comparison of the set of extracted entries with at least one of (i) a set of blacklisted entries previously stored in a blacklisted cache and (ii) the set of cached entries stored in the LLDP cache, and determines a spoofing attack based on the comparison. In an embodiment, upon determining the spoofing attack, extracted entries are blacklisted in a blacklisted cache and corresponding ARP frames are discarded.