Abstract. Currently, the major focus on the network security is securing individual components as well as preventing unauthorized access to network services. Ironically, Address Resolution Protocol (ARP) poisoning and spoofing techniques can be used to prohibit unauthorized network access and resource modifications. The protecting ARP which relies on hosts caching reply messages can be the primary method in obstructing the misuse of the network. This paper proposes a network service access control framework, which provides a comprehensive, hostby-host perspective on IP (Internet Protocol) over Ethernet networks security. We will also show how this framework can be applied to network elements including detecting, correcting, and preventing security vulnerabilities
