As use of the Internet increases day by day, hacking skills have also developed, and because various hacking programs are now scattered across the network, even an ordinary person who is not an expert can become a hacker.
The fundamental means used for hacking such as DoS, DDoS, sniffing and hijacking is ARP or IP spoofing. ARP (Address Resolution Protocol) spoofing falsifies the sender hardware address and the sender IP address. In this attack technique, the attack system uses its own MAC address as the source information of an ARP Reply packet for the IP address of another system in the local network, thereby changing the ARP table of another router, switch or host in the local network, so that packets not addressed to the IP address of the attack system are nevertheless delivered to the attack system by way of its MAC address.
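As an added illustration (not part of the original text, and not the method this document goes on to describe), the following Python example shows what a defender can check in the ARP fields described above: whether the sender hardware address matches the frame's source address, and whether a sender IP address is suddenly claimed by a different MAC address. The names `parse_arp_frame`, `ArpBindingMonitor` and `sample_frame`, and all addresses, are assumptions constructed for the example.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp_frame(frame: bytes) -> dict:
    """Parse an Ethernet frame carrying an Ethernet/IPv4 ARP packet (RFC 826)."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    return {"eth_src": mac_str(eth_src), "oper": oper, "sha": mac_str(sha),
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}

class ArpBindingMonitor:
    """Tracks sender IP -> sender MAC and reports ARP packets that contradict it."""
    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})  # known-good entries, e.g. the gateway

    def observe(self, frame: bytes) -> list:
        arp = parse_arp_frame(frame)
        alerts = []
        # The sender hardware address inside ARP should match the frame source.
        if arp["eth_src"] != arp["sha"]:
            alerts.append(f"sender MAC {arp['sha']} differs from frame source {arp['eth_src']}")
        # The first MAC seen (or pinned) for an IP is kept; later claims are compared.
        known = self.bindings.setdefault(arp["spa"], arp["sha"])
        if known != arp["sha"]:
            alerts.append(f"{arp['spa']} is bound to {known} but claimed by {arp['sha']}")
        return alerts

def sample_frame(eth_src, sha, spa, tpa, oper=2):
    """Constructed test input: ARP frame bytes built in memory for the monitor."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return (b"\xff" * 6 + to_mac(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + to_mac(sha) + socket.inet_aton(spa) + b"\x00" * 6 + socket.inet_aton(tpa))

def demo():
    gw_ip, gw_mac, other = "192.0.2.1", "02:00:00:00:00:01", "02:00:00:00:00:66"  # constructed
    mon = ArpBindingMonitor(pinned={gw_ip: gw_mac})
    ok = mon.observe(sample_frame(gw_mac, gw_mac, gw_ip, "192.0.2.10"))
    bad = mon.observe(sample_frame(other, other, gw_ip, "192.0.2.10"))
    return ok, bad
```
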
In addition, IP spoofing is an attack technique in which a system changes its own source IP address so that other systems cannot tell who it is, or mistake it for another system.
At present, most hacking damage is caused by ARP or IP spoofing. Using a spoofing tool that can be easily obtained on the Internet, anyone can attack a particular host or eavesdrop on information passing through a network, and thus personal information that should be kept secure may be easily and frequently stolen.
For example, the IP packets of another host connected to an internal network can be observed through ARP spoofing, so that personal information may be leaked, and there is a risk that even financial information may be exposed. Further, if an administrator-level ID and password for a server are observed or stolen by a third party, information in the server may be arbitrarily falsified. Furthermore, if online activities carried out on an external network can be observed or stolen by a third party, more systems may be easily exposed to attack.
One technique currently used to prevent spoofing is a method in which a router having a filtering function filters IP packets received from an external network by using the IP network address and mask assigned to a local network, instead of the individual IP address of each host separately connected to each port. However, because this method filters on the local network address rather than on the individual IP address of each host, it cannot detect spoofing that is carried out using another, arbitrary address of the local network, and it also cannot deal with ARP spoofing.