Abstract
A method and apparatus for a middleware approach to the asynchronous and backward-compatible detection and prevention of Address Resolution Protocol (ARP) cache poisoning is presented. In a Streams-based network subsystem, such as that found in the Solaris 2.6 operating system, a Cache Poisoning Checker (CPC) streams module, a CPC streams driver and a CPC user-level application are implemented. The CPC streams module is implemented in a protocol stack that pertains to ARP and is designed to intercept ARP traffic in both the upward and downward directions, as dictated by the respective Internet Protocol and Ethernet drivers in the network subsystem. The CPC streams driver provides an interface between the CPC streams module and the CPC user-level application. The CPC user-level application gives access to the local ARP cache and raises alarms if an ARP cache attack is detected. Both the CPC streams driver and the CPC user-level application are implemented in a stream of their own, separate from the protocol stack containing the CPC streams module.
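The abstract does not state the rule the CPC application uses to decide that an attack is under way. The sketch below is an added example, not the patented method or any Solaris code: it assumes one common policy, correlating ARP requests seen in the downward direction with replies seen in the upward direction and comparing each reply with the cached binding. `ArpChecker`, `build_arp` and the alarm names are hypothetical.

```python
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # 28-byte Ethernet/IPv4 ARP payload (RFC 826 layout)

def build_arp(op, sha, spa, tha, tpa):
    """Build a constructed ARP payload for the checker to inspect (never sent)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha, spa, tha, tpa)

def parse_arp(payload):
    """Return (op, sha, spa, tha, tpa), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, sha, spa, tha, tpa

class ArpChecker:
    """Assumed policy: a reply is suspect if nobody asked for it, or if it
    contradicts the MAC address already cached for that IP address."""

    def __init__(self, cache=None):
        self.cache = dict(cache or {})  # IP bytes -> MAC bytes (stand-in for the local ARP cache)
        self.pending = set()            # IPs with an outstanding request

    def downward(self, payload):
        """Message travelling from IP towards the Ethernet driver."""
        arp = parse_arp(payload)
        if arp and arp[0] == ARP_REQUEST:
            self.pending.add(arp[4])    # remember the target IP we asked about

    def upward(self, payload):
        """Message arriving from the Ethernet driver; returns alarm names."""
        arp = parse_arp(payload)
        if arp is None or arp[0] != ARP_REPLY:
            return []
        _, sha, spa, _, _ = arp
        alarms = []
        if spa not in self.pending:
            alarms.append("unsolicited-reply")
        if spa in self.cache and self.cache[spa] != sha:
            alarms.append("binding-changed")
        self.pending.discard(spa)
        if not alarms:
            self.cache[spa] = sha       # accept only clean, solicited bindings
        return alarms
```

Because the checker only observes and reports, a reply that raises an alarm leaves the cached binding untouched, which matches the abstract's split between interception in the module and alarm-raising in the user-level application.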