Download Lecture 11, Prolog

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
Document related concepts
no text concepts found
Transcript 
Prolog to Lecture 11
CS 236
On-Line MS Program
Networks and Systems Security
Peter Reiher
CS 236 Online
Lecture 11
Page 1
How Can Man-in-the-Middle
Attacks Really Occur?
• Man-in-the-middle attacks require an
attacker to intercept and replace
messages
• How can that happen in real world
scenarios?
• How do attackers “lay hands” on our
messages?
CS 236 Online
Lecture 11
Page 2
Active Eavesdropping
• Generally only possible on broadcast
media
– 802.11, true Ethernet, etc.
• Everyone (nearby) can hear the
messages
• Often, they can forge low level
addresses and identifiers
CS 236 Online
Lecture 11
Page 3
How Else Could It Happen?
• Through name translations
– Alter translation of some name at a
higher level to the wrong lower level
entity
• Through routing control
– Route network traffic through nodes
under your control
CS 236 Online
Lecture 11
Page 4
ARP Poisoning
• A name translation attack
• On an Ethernet
• Alter the translation from the network
to link layer
– IP address to MAC address
• Persuade the switch to use the wrong
translation
CS 236 Online
Lecture 11
Page 5
DNS Mistranslations
• Users work with user level names
– Typically DNS names
• If attacker can alter the translation, he
gets the messages
– Which he can later forward to the
real destination
• How do you fiddle a DNS translation?
CS 236 Online
Lecture 11
Page 6
DNS Attacks
• Corrupt a DNS server
– Change entry at server to the wrong
translation
• Spoof replies from a DNS server
– Create fake reply to a legit DNS request
– If it beats response from real server, fake
one is used
– If response cached, it persists
• DNS cache poisoning
CS 236 Online
Lecture 11
Page 7
Routing Attacks
• Generally, BGP routing changes not
well authenticated
– Several cases of bogus requests
resulting in traffic diversion
• Attacks based on direct source
addressing
CS 236 Online
Lecture 11
Page 8
Direct Source Addressing
Attacks
• Attacker provides a direct source address to
a target
– Spoofing someone else’s source address
– But including attacker’s real address in
the source routing
• Responses will probably go through
attacker
• Allowing him to be in the middle
CS 236 Online
Lecture 11
Page 9
The General Issue
• There are network paths at multiple
levels
• If attacker can divert any of them
through him, he might get in the
middle
• New technologies might open new
possibilities
CS 236 Online
Lecture 11
Page 10
Related documents
www.bestitdocuments.com
www.bestitdocuments.com
The Internet and Security
The Internet and Security
Skating on Stilts
Skating on Stilts
Keamanan Sistem (CNG4O3)
Keamanan Sistem (CNG4O3)
Chapter 1 Exploring the Network
Chapter 1 Exploring the Network
Forms of Network Attacks
Forms of Network Attacks
Introduction to the Internet
Introduction to the Internet
CSCI6268L36
CSCI6268L36
(DOS) Attack
(DOS) Attack
Recon
Recon
Network Protocols and Vulnerabilities
Network Protocols and Vulnerabilities
Using Digital Signature with DNS
Using Digital Signature with DNS
lecture6-Attacks
lecture6-Attacks
lecture6
lecture6
Network Security - University of Engineering and Technology
Network Security - University of Engineering and Technology
CSE 524: Lecture 17
CSE 524: Lecture 17
Lecture4-hijacking+poisoning
Lecture4-hijacking+poisoning
Cafe Cracks: Attacks on Unsecured Wireless Networks
Cafe Cracks: Attacks on Unsecured Wireless Networks
Building trustworthy systems: Lessons from the PTN and Internet
Building trustworthy systems: Lessons from the PTN and Internet
Attacks and hacker tools - International Computer Institute
Attacks and hacker tools - International Computer Institute
Hakin9 DNS cache poisoning
Hakin9 DNS cache poisoning
UWB Impulse Radio Based Distance Bounding
UWB Impulse Radio Based Distance Bounding