บทความวารสาร
2025 (ค.ศ.)
บทความวารสาร
Cited by 1
An effective prevention approach against ARP cache poisoning attacks in MikroTik-based networks
#Address Resolution Protocol
#ARP Spoofing
#ARP Cache Poisoning
#MikroTik-based Network
SDG-9: อุตสาหกรรม นวัตกรรม และโครงสร้างพื้นฐาน
SDG-16: สันติภาพ ความยุติธรรม และสถาบันที่เข้มแข็ง
ผู้แต่ง (Creator)
หัวเรื่อง (Subject)
คำสำคัญ (Keywords)
ปีที่เผยแพร่ (Year)
คณะ (Faculty)
ภาษา (Language)
URI (Identifier)
ชื่อวารสาร (Journal Name)
DOI
ISSN
ปีที่ (Volume)
ฉบับที่ (Issue)
หน้า (Pages)
ช่วงเวลาที่ศึกษา (Temporal Coverage)
สิทธิ์การใช้งาน (Access Level)
สัญญาอนุญาต (License)
Dublin Core Metadata
| Element | Value |
|---|---|
| dc.title | An effective prevention approach against ARP cache poisoning attacks in MikroTik-based networks |
| dc.contributor.author | Ekarin Suethanuwong (Faculty of Commerce and Management, Prince of Songkla University, Trang Campus, Thailand) |
| dc.date.accessioned | 2026-02-17T15:23:18+07:00 |
| dc.date.issued | 2024 |
| dc.description.abstract | Nowadays, leading manufacturers of enterprise-grade networking devices offer the dynamic ARP inspection (DAI) feature in their Ethernet Switches to detect and prevent ARP cache poisoning attacks from malicious hosts. However, MikroTik Ethernet switches do not yet support this feature. Within MikroTik-based networks, three potential approaches exist to prevent ARP cache poisoning attacks, each with drawbacks. This paper proposes an innovative approach called Gateway-controlled ARP (GCA) to prevent ARP cache poisoning attacks on a router-on-a-stick (RoaS) network using MikroTik networking devices, where a single router performs inter-VLAN routing through one physical interface. With this approach, all Ethernet switches are configured to forward ARP messages from hosts directly to the router for inspection and handling. A RouterOS script based on the GCA approach was implemented and executed on the router to handle all incoming ARP requests from any host in all VLANs, ensuring all hosts receive legitimate ARP responses from the router. This approach can effectively prevent spoofed ARP packets sent by malicious attackers. This approach was tested and evaluated on an actual RoaS network, focusing on processing time, CPU Load, and response time. The evaluation results show that the approach effectively prevents ARP cache poisoning attacks. |
| dc.identifier.uri | https://sar.trang.psu.ac.th/id/5 |
| dc.identifier.doi | 10.37936/ecti-cit.2025191.256401 |
| dc.language.iso | eng |
| dc.publisher | Prince of Songkla University, Trang Campus |
| dc.subject | MikroTik (Computer network equipment)--Security measures |
| dc.subject | Address Resolution Protocol (Computer network protocol) |
| dc.subject | Computer networks--Security measures. |
| dc.subject.keyword | Address Resolution Protocol |
| dc.subject.keyword | ARP Spoofing |
| dc.subject.keyword | ARP Cache Poisoning |
| dc.subject.keyword | MikroTik-based Network |
| dc.type | บทความวารสาร |
| dc.rights | Public |
| dc.rights.license | CC BY-NC-ND 4.0 - แสดงที่มา-ไม่ใช้เพื่อการค้า-ไม่ดัดแปลง |
| dc.faculty | คณะพาณิชยศาสตร์และการจัดการ |
| dc.identifier.issn | 2286-9131 |
| dc.bibliographicCitation.issue | 1 |
| dc.bibliographicCitation.pages | 1–12 |
| dc.bibliographicCitation.volume | 19 |
| dc.relation.journal | ECTI Transactions on Computer and Information Technology (ECTI-CIT) |
| dc.coverage.temporal | 2024 |
| dc.subject.sdg | SDG-9: อุตสาหกรรม นวัตกรรม และโครงสร้างพื้นฐาน |
| dc.subject.sdg | SDG-16: สันติภาพ ความยุติธรรม และสถาบันที่เข้มแข็ง |
บทคัดย่อ (Abstract)
ภาษาอังกฤษ (English)
Nowadays, leading manufacturers of enterprise-grade networking devices offer the dynamic ARP inspection (DAI) feature in their Ethernet Switches to detect and prevent ARP cache poisoning attacks from malicious hosts. However, MikroTik Ethernet switches do not yet support this feature. Within MikroTik-based networks, three potential approaches exist to prevent ARP cache poisoning attacks, each with drawbacks. This paper proposes an innovative approach called Gateway-controlled ARP (GCA) to prevent ARP cache poisoning attacks on a router-on-a-stick (RoaS) network using MikroTik networking devices, where a single router performs inter-VLAN routing through one physical interface. With this approach, all Ethernet switches are configured to forward ARP messages from hosts directly to the router for inspection and handling. A RouterOS script based on the GCA approach was implemented and executed on the router to handle all incoming ARP requests from any host in all VLANs, ensuring all hosts receive legitimate ARP responses from the router. This approach can effectively prevent spoofed ARP packets sent by malicious attackers. This approach was tested and evaluated on an actual RoaS network, focusing on processing time, CPU Load, and response time. The evaluation results show that the approach effectively prevents ARP cache poisoning attacks.