Presentation Material
Abstract
A Man-In-The-Middle (MITM) attack is one of the most well-known attacks on computer networks. Out of the several variations of MITM, Address Resolution Protocol (ARP) Spoofing/Poisoning is widely used in packet interception and on-the-fly manipulation. Traditional MITM attacks by ARP Poisoning expose the attacker’s identity and thereby physical location. In this paper, to the best of our knowledge, an MITM attack has been updated with stealth capabilities for the first time. We propose two new attacks, namely Stealth MITM (SMITM) and Semi-Stealth MITM (SSMITM), at the Data Link Layer using ARP Spoofing, which add stealth capabilities to MITM attacks, thereby concealing the identity of an attacker. Finally, we give a detection and defense technique for the attacks. All the attacks proposed in the paper have been verified and successfully validated in a 300+ node real production network and test beds which include nodes with the latest Linux and Windows operating systems under default and secured network scenarios. The results have been 100% effective and have proved the reproducibility of the proposed attacks.
AI Generated Summary (may contain errors)
Topic: Detecting Stealth Man-in-the-Middle (MITM) Attacks on Network Systems
Summary:
The speaker demonstrates an attack where an attacker can broadcast their MAC address, making it seem like they are Alice’s machine. This is done by sending ARP packets with a non-obvious IP address (a broadcast IP address). The attack can be detected by monitoring for these types of packets.
However, it’s impossible to know who the attacker is, as the attacker’s MAC address remains hidden. The speaker has developed a tool to detect this type of attack and has tested it on various systems with 300+ nodes, including Windows and Linux machines. The tool is available on GitHub.
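A passive check of the kind the summary describes, as an added example (not the speaker's tool or code from the paper): it parses raw Ethernet/ARP frames and flags ARP sender fields that carry a broadcast address. The exact fields checked, the subnet `192.168.1.0/24` and the sample frames are assumptions constructed for illustration.

```python
import ipaddress
import struct

BROADCAST_MAC = b"\xff" * 6
ETHERTYPE_ARP = 0x0806

def check_arp_frame(frame: bytes, subnet: str) -> list:
    """Return the reasons an untagged Ethernet/ARP frame looks spoofed."""
    if len(frame) < 42:                      # 14-byte Ethernet + 28-byte ARP
        return []
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:           # VLAN-tagged frames are not handled
        return []
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return []                            # not IPv4-over-Ethernet ARP
    net = ipaddress.ip_network(subnet)
    sender_ip = ipaddress.ip_address(spa)
    reasons = []
    if sender_ip in (net.broadcast_address,
                     ipaddress.ip_address("255.255.255.255")):
        reasons.append(f"sender IP {sender_ip} is a broadcast address")
    if sha[0] & 1:                           # group bit: broadcast or multicast
        reasons.append("sender MAC is a broadcast/multicast address")
    if sha != eth_src:
        reasons.append("ARP sender MAC differs from Ethernet source MAC")
    return reasons

def build_arp(eth_src: bytes, sha: bytes, spa: str, tpa: str, op: int = 2) -> bytes:
    """Build a constructed ARP frame for testing the check above."""
    return (BROADCAST_MAC + eth_src + struct.pack("!H", ETHERTYPE_ARP)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + sha + ipaddress.ip_address(spa).packed
            + b"\x00" * 6 + ipaddress.ip_address(tpa).packed)

# Constructed sample frames (locally administered MACs, private addresses).
HOST_MAC = bytes.fromhex("020000000010")
NORMAL = build_arp(HOST_MAC, HOST_MAC, "192.168.1.10", "192.168.1.1")
SUSPICIOUS = build_arp(bytes.fromhex("0200000000aa"), BROADCAST_MAC,
                       "192.168.1.255", "192.168.1.10")

if __name__ == "__main__":
    for name, frame in (("normal", NORMAL), ("suspicious", SUSPICIOUS)):
        print(name, check_arp_frame(frame, "192.168.1.0/24"))
```

The check reports that a suspicious frame was seen, not who sent it, which matches the summary's point that the attacker's MAC address stays hidden.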
Additional Points:
- There are existing techniques to detect these types of attacks, but they require a managed switch.
- The speaker’s method does not rely on a managed switch.
- A similar attack, called the “Man-in-the-Middle Attack,” was previously documented in a research paper. This attack targets wireless networks and aims to degrade network performance.
Personal Story:
The speaker shares a personal anecdote about a friend challenging them to hack their system. The speaker claims they were able to design a secure system that prevented the attack.