Recently, Internet technology has been developing rapidly and spreading widely, so that anyone can use the Internet easily.
Thus, the number of Internet users has increased tremendously, but not all Internet users necessarily know much about the technology of computer systems or networks.
That is, Internet users are increasing steadily with the spread of Internet use, but since they do not always have specialized knowledge about computers or the Internet, the number of malicious persons who exploit this weakness to commit various kinds of crimes via a network is gradually increasing.
For example, consider the theft of personal information, which has recently drawn keen public attention. In the past, most Internet users tended to ignore or disregard the importance of personal information and security. But as various kinds of crimes have arisen from this attitude, awareness of network security is growing, and thus methods for preventing illegal hacking and the like are drawing keen attention from those concerned.
Further, there are many hacking methods for acquiring personal information illegally, and hacking by means of an ARP spoofing attack is one example.
An ARP spoofing attack works as follows. A hacker forges the MAC address of an attack target and then falsifies the information in the ARP cache table of a switch or other network device. As a result, the attacker can route traffic between the target computer and a server to the attacker's own computer and obtain desired information from the routed traffic.
In this way, if a hacker falsifies the information in the ARP cache table of a switch or other network device via an ARP spoofing attack, the hacker can route traffic between the target computer and a server to his own computer, and thereby obtain very useful personal information, such as passwords, from the routed traffic without restriction.
Therefore, as Internet users increase explosively, such an ARP spoofing attack becomes a very serious problem, given that diverse equipment is used to build networks in enterprises, by individuals and even in homes.
A conventional method for neutralizing this malicious ARP spoofing attack is as follows. If many IP addresses having the same MAC address are found by scanning the ARP table of equipment on the same local network, an ARP spoofing attack is suspected, and it is first confirmed whether an executable file containing malicious code for an ARP spoofing attack exists or is being executed on the suspected equipment. Once it has been detected whether an ARP spoofing attack has occurred, the attack is blocked by deleting the executable file concerned and stopping its process.
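The table scan described above, as an added example that is not part of the original text: it merges ARP tables collected from several devices and reports each MAC address claimed by more than one IP address. The Linux `/proc/net/arp` layout, the device names and all addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample ARP tables in Linux /proc/net/arp layout, one per device.
SAMPLE_TABLES = {
    "host-a": """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         02:00:00:aa:bb:01     *        eth0
192.168.0.20     0x1         0x2         02:00:00:AA:BB:14     *        eth0
192.168.0.30     0x1         0x0         00:00:00:00:00:00     *        eth0
""",
    "host-b": """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         02:00:00:aa:bb:14     *        eth0
192.168.0.20     0x1         0x2         02:00:00:aa:bb:14     *        eth0
""",
}

IGNORED_MACS = {"00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff"}


def parse_arp_table(text):
    """Yield (ip, mac) for every resolved entry; skip header and incomplete rows."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        if int(flags, 16) & 0x2 == 0 or mac in IGNORED_MACS:
            continue  # 0x2 marks a completed entry; anything else is unresolved
        yield ip, mac


def find_shared_macs(tables, min_ips=2):
    """Return {mac: {ip: [devices that saw the pair]}} for MACs with >= min_ips IPs."""
    seen = defaultdict(lambda: defaultdict(list))
    for device, text in tables.items():
        for ip, mac in parse_arp_table(text):
            seen[mac][ip].append(device)
    return {mac: {ip: devs for ip, devs in sorted(ips.items())}
            for mac, ips in seen.items() if len(ips) >= min_ips}


if __name__ == "__main__":
    for mac, ips in find_shared_macs(SAMPLE_TABLES).items():
        print(f"suspect MAC {mac}:")
        for ip, devices in ips.items():
            print(f"  {ip} (seen by {', '.join(devices)})")
```

A shared MAC address is only grounds for suspicion, as the text says; the suspected equipment still has to be checked.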
In this conventional method, after it is confirmed whether an executable file containing malicious code for an ARP spoofing attack exists or is being executed on the suspected equipment, the attack is blocked by deleting the executable file concerned and stopping its process, but such a method is only a temporary way of blocking.
That is, as malicious code and the names of the executable files concerned change and evolve, the conventional method described above cannot remain free from ARP spoofing attacks, and it is inefficient in that all equipment suspected of an ARP spoofing attack must be checked one by one.
Further, this problem becomes more serious as the amount of suspected equipment increases, that is, as the scale of the network grows.
Therefore, in the present situation, in which networks are growing in scale and numerous pieces of network equipment are in use, immense effort and time are needed to check one by one all equipment suspected of an ARP spoofing attack, and personnel expenses and other costs also rise when staff is added to reduce the checking time. As a result, there are many problems in terms of time and cost as well as spoofing damage.
Therefore, in order to solve the above conventional problems, it is desirable to provide a method for neutralizing an ARP spoofing attack swiftly and effectively, but a method that satisfies those conditions has not been developed until now.