man in the middle attacks
play

Man in the Middle Attacks Engineering Secure Software Last Revised: - PowerPoint PPT Presentation

Sep 22, 2022 •242 likes •398 views

Man in the Middle Attacks Engineering Secure Software Last Revised: September 1, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 High Level View Allows the hacker to sit in between all communication between client and

  1. Man in the Middle Attacks Engineering Secure Software Last Revised: September 1, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1

  2. High Level View Allows the hacker to sit in between all communication ● between client and server They sniff packets, manipulate/change/insert new ● data/commands without either client or server being aware Target User Hacker App/Server SWEN-331: Engineering Secure Software Benjamin S Meyers 2

  3. How Can This Happen? One of the most common methods is called “ARP Cache ● Poisoning” ARP: Address Relay Protocol (DataLink Layer) ○ ARP is used by computers to find ‘who has a particular IP ● address’ and then bind to that computer’s MAC address ARP is a broadcast protocol ( a cry for help ) ● Attackers can send false replies to an ARP request, inserting ● their own computer as a fake network citizen Once this happens, they can impersonate either the end-point ○ or the gateway (which allows snooping/inserting into all traffic) SWEN-331: Engineering Secure Software Benjamin S Meyers 3

  4. ARP Spoofing ? 3 2 . 2 2 . 1 2 . 0 0 2 Switch s a h o h W W h o h a s 2 0 0 . 2 1 . 2 2 . 2 3 ? User Target App/Server IP: 200.21.22.20 IP: 200.21.22.23 MAC: aa:aa:aa:aa:aa:aa Hacker IP: 200.21.22.21 MAC: cc:cc:cc:cc:cc:cc SWEN-331: Engineering Secure Software Benjamin S Meyers 4

  5. ARP Spoofing Switch cc:cc:cc:cc:cc:cc User Target App/Server IP: 200.21.22.20 IP: 200.21.22.23 MAC: aa:aa:aa:aa:aa:aa Hacker IP: 200.21.22.21 MAC: cc:cc:cc:cc:cc:cc SWEN-331: Engineering Secure Software Benjamin S Meyers 5

  6. ARP Spoofing Switch User Target App/Server IP: 200.21.22.20 IP: 200.21.22.23 MAC: aa:aa:aa:aa:aa:aa Hacker IP: 200.21.22.21 MAC: cc:cc:cc:cc:cc:cc SWEN-331: Engineering Secure Software Benjamin S Meyers 6

  7. ARP Example Command: arp -a ● nitron$ arp -a Host Ethernet Address Netif Expire Flags nitron.se.rit.edu 00:50:56:99:72:ec em0 permanent 1 gleep.se.rit.edu 00:a0:98:31:30:58 em0 10m6s control.se.rit.edu 00:50:56:8c:00:36 em0 17m12s potamus.se.rit.edu 00:50:56:8c:00:1e em0 19m46s norville.se.rit.edu 00:c0:9f:3f:4a:1e em0 12m31s freezoid.se.rit.edu 00:25:90:6c:38:82 em0 19m39s zin.se.rit.edu 00:0d:b9:42:d6:60 em0 19m39s grapeape.se.rit.edu 00:50:56:99:6c:19 em0 13m26s dynomutt.se.rit.edu 00:0d:b9:4c:ab:3c em0 19m39s rit-west3-gw-070-vlan208.rit.edu f4:cc:55:de:3a:92 em0 20m0s SWEN-331: Engineering Secure Software Benjamin S Meyers 7

  8. Notes Attack can only be used on networks that use ARP and the ● attacker must have direct access to the local network segment being targeted Just about everyone uses ARP! ○ Since you need to have your attacking software on the local ○ network segment for this to work, hackers are always looking for ways to infiltrate your environment Thus, all of the network discovery port scans ■ SWEN-331: Engineering Secure Software Benjamin S Meyers 8

  9. How Can This Be Prevented? ARP cache poisoning is one of the hardest hacks to prevent, ● but some tools do exist Static IP/MAC lists (difficult to manage on large networks) ○ ARP spoofing detection software ○ Can be integrated into DHCP server ■ Can be part of the switch/router ■ Can be on local PC ■ Can be within the OS ■ SWEN-331: Engineering Secure Software Benjamin S Meyers 9

  10. DNS Cache Poisoning Cache poisoning affects more than just ARP ● Domain Name Server/System (DNS) ● DNS nameservers keep track of which IP addresses map to ○ which hostnames (e.g. www.google.com) There are multiple authoritative DNS nameservers ○ When you ask for an IP address for www.google.com, an attacker ○ can respond with a malicious IP address CVE-2008-1447 and CVE-2008-4392 ○ CAPEC-141 ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 10 10

  11. DNS Cache Poisoning query_id query_id Source: https://www.cloudflare.com/learning/dns/dns-cache-poisoning/ SWEN-331: Engineering Secure Software Benjamin S Meyers 11 11

  12. DNS Cache Poisoning query_id query_id Source: https://www.cloudflare.com/learning/dns/dns-cache-poisoning/ SWEN-331: Engineering Secure Software Benjamin S Meyers 12 12

  13. DNS Cache Poisoning query_id query_id query_id Source: https://www.cloudflare.com/learning/dns/dns-cache-poisoning/ SWEN-331: Engineering Secure Software Benjamin S Meyers 13 13

  14. DNS Cache Poisoning Why does this happen? ● DNS uses UDP, not TCP ○ Source: https://www.cloudflare.com/learning/dns/dns-cache-poisoning/ SWEN-331: Engineering Secure Software Benjamin S Meyers 14 14

  15. How Can This Be Prevented? DNS cache expires ● Time-to-Live (TTL) ○ BUT: attackers sets a TTL when they poison the DNS cache ○ Admins can flush DNS caches, but they usually don’t ● Randomizing query_ids ● Attackers can still guess the query_id (there’s no such thing as ○ true random in computers) Also randomize the source port for the DNS query ● DNSSEC: authenticate nameservers using public/private keys ● SWEN-331: Engineering Secure Software Benjamin S Meyers 15 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( )

MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( )

Software and Web Security 2 MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( ) MitM attack: attacker gets between the browser and the web server, eg eg by setting up a wifi access point

345 views • 9 slides
Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on

Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on

Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on Third-Party Software Jeffrey Knockel, Jedidiah Crandall Computer Science Department University of New Mexico Recent News Iran: forged SSL

569 views • 27 slides
Lets Revoke Public key infrastructure prevents Man-in-the-Middle attacks Revocation protects

Lets Revoke Public key infrastructure prevents Man-in-the-Middle attacks Revocation protects

Lets Revoke Public key infrastructure prevents Man-in-the-Middle attacks Revocation protects clients from compromised certificates Without revocation, these attacks would go undetected 2 Certificate Revocation Lists (CRLs) Lists of

544 views • 27 slides
Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle

Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle

Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle attack Diffie-Hellman Alice Bob new na new nb g na g nb K = (g nb ) na K = (g na ) nb Man-in-the-middle attack Diffie-Hellman Alice Bob Alice

401 views • 25 slides
Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez

Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez

Introduction Demirci and Sel cuk Attack Differential Enumeration Technique Conclusion Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez 1 Pierre-Alain Fouque 1 , 2 Ecole Normale Sup

1.25k views • 60 slides
Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill,

Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill,

Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill, Scott Ruoti, Kent Seamons, Daniel Zappala Internet Research Lab & Internet Security Research Lab Brigham Young University Certificate validation

484 views • 14 slides
Heart Attacks in Middle-aged Recreational Athletes Karl Cernovitch Alex C. Samak Jay Brophy

Heart Attacks in Middle-aged Recreational Athletes Karl Cernovitch Alex C. Samak Jay Brophy

Heart Attacks in Middle-aged Recreational Athletes Karl Cernovitch Alex C. Samak Jay Brophy MD,PhD Mark Goldberg PhD Royal Victoria Hospital Clinical Epidemiology Unit If it happened to a Pro, it could happen to you! Montreal

963 views • 21 slides
in Middle Tennessee Prevent Asthma Attacks in Children Gwen Sunkel, Indiana University-Purdue

in Middle Tennessee Prevent Asthma Attacks in Children Gwen Sunkel, Indiana University-Purdue

Breathe Easy: Helping Parents in Middle Tennessee Prevent Asthma Attacks in Children Gwen Sunkel, Indiana University-Purdue University Indianapolis United Neighborhood Health Services Nashville, TN Introduction Gwen en Sun unkel, , RN

570 views • 15 slides
Man in the middle attacks on IEC 60870-5-104 Pete Maynard @pgmaynard ORCID 0000-0002-6267-7530

Man in the middle attacks on IEC 60870-5-104 Pete Maynard @pgmaynard ORCID 0000-0002-6267-7530

Man in the middle attacks on IEC 60870-5-104 Pete Maynard @pgmaynard ORCID 0000-0002-6267-7530 Introduction Pete Maynard PhD Student CSIT Queen's University Belfast, UK Industrial Control System Security Partnership with

584 views • 34 slides
MitM attacks on HTTPS sessions Much of this material can also be seen in DEFCON 2009 presentation

MitM attacks on HTTPS sessions Much of this material can also be seen in DEFCON 2009 presentation

Software and Web Security 2 MitM attacks on HTTPS sessions Much of this material can also be seen in DEFCON 2009 presentation by Moxie Marlinspike; see URL on course page sws2 1 MitM (Man-in-the-Middle) attacks MitM attack: attacker

971 views • 38 slides
Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France

Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France

Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France FSE, March 3-5 2014 Plan 1 Match Box Meet-in-the-Middle Attacks Sieve-in-the-Middle Framework Match Box Cryptanalysis of KATAN 2 Description

1.61k views • 37 slides
NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

CMPS122: COMPUTER SECURITY NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3 due tonight NETWORKING ATTACKS LAST TIME TCP/IP networking stack Physical layer Data link layer Network

1.1k views • 61 slides
The middle program $ middle 3 3 5 middle: 3 $ middle 2 1 3 middle: 1 10 10 int main(int

The middle program $ middle 3 3 5 middle: 3 $ middle 2 1 3 middle: 1 10 10 int main(int

Detecting Anomalies Andreas Zeller 1 Tracing Infections For every infection, we must find the earlier infection that causes it. Which origin should we focus upon? 2 2 Tracing Infections 3 3 Focusing on Anomalies

522 views • 27 slides
Generic Attacks on Stream Ciphers John Mattsson Generic Attacks on Stream Ciphers 2/22

Generic Attacks on Stream Ciphers John Mattsson Generic Attacks on Stream Ciphers 2/22

Generic Attacks on Stream Ciphers John Mattsson Generic Attacks on Stream Ciphers 2/22 Overview What is a stream cipher? Classification of attacks Different Attacks Exhaustive Key Search Time Memory Tradeoffs

656 views • 22 slides
Wireless Security Wireless Network Attacks Access control attacks These attacks attempt to

Wireless Security Wireless Network Attacks Access control attacks These attacks attempt to

Wireless Security Wireless Network Attacks Access control attacks These attacks attempt to penetrate a network by using wireless or evading WLAN access control measures, like AP MAC filters and 802.1X port access controls. Type of Attack

184 views • 7 slides
Welcome to Randolph Middle School An IB World School Randolph Middle School

Welcome to Randolph Middle School An IB World School Randolph Middle School

Welcome to Randolph Middle School An IB World School Randolph Middle School Charlotte-Mecklenburg Schools International Baccalaureate Middle Years Program Grades 6 8 Brian Bambauer, Principal Fast Facts RMS was built in1967

673 views • 40 slides
Bible Study: Light in Scripture Steven Schweitzer Bethany Theological Seminary June 30 - July

Bible Study: Light in Scripture Steven Schweitzer Bethany Theological Seminary June 30 - July

Bible Study: Light in Scripture Steven Schweitzer Bethany Theological Seminary June 30 - July 2, 2016 Bible Study, Part 2: Living in the Light Steven Schweitzer Bethany Theological Seminary July 1, 2016 God is Light This is the message

328 views • 15 slides
Blockchain Enlightenment and Smart City Cryptopolis Melanie Swan 1st Workshop on

Blockchain Enlightenment and Smart City Cryptopolis Melanie Swan 1st Workshop on

Blockchain Enlightenment and Smart City Cryptopolis Melanie Swan 1st Workshop on Cryptocurrencies and Philosophy, Purdue University Blockchains for Distributed Systems melanie@BlockchainStudies.org Munich Germany, June 15, 2018 Slides:

662 views • 21 slides
1 Communication for healthcare workers during COVID-19 Anxiety Depression Job loss Working

1 Communication for healthcare workers during COVID-19 Anxiety Depression Job loss Working

1 Communication for healthcare workers during COVID-19 Anxiety Depression Job loss Working remotely 2 Communication within yourself Listen to your inner voice Be compassionate Recognize the challenges you are facing Be as

175 views • 13 slides
The Importance of Social Emotional Learning Barbara Kaiser barbarak@challengingbehavior.com

The Importance of Social Emotional Learning Barbara Kaiser barbarak@challengingbehavior.com

10/18/2016 The Importance of Social Emotional Learning Barbara Kaiser barbarak@challengingbehavior.com What are Social Skills? Social and emotional learning (SEL) is the process through which children and adults acquire and effectively

436 views • 18 slides
The Complexity Challenge to Creating Useful and Usable Visualisation Tools Natalia and Gennady

The Complexity Challenge to Creating Useful and Usable Visualisation Tools Natalia and Gennady

The Complexity Challenge to Creating Useful and Usable Visualisation Tools Natalia and Gennady Andrienko Fraunhofer Institute AIS, Sankt Augustin, Germany http://www.ais.fraunhofer.de/and Panel @ CMV conference, 4/7/2006, London The Value of

155 views • 11 slides
What I am going to do (and what Im not) Im not going to give you a detailed lectured on

What I am going to do (and what Im not) Im not going to give you a detailed lectured on

Changing styles: breaking the habits of a lifetime Saturday 2nd March 2019 Matthew Elton | matthew_elton@mac.com | www.extra-help.org.uk Attachment theory sometimes seems to have more to say about diagnosis than it does about

490 views • 10 slides
Status and plans of the UA9 experiment V.Previtali, on behalf on the UA9 collaboration LARP CM16

Status and plans of the UA9 experiment V.Previtali, on behalf on the UA9 collaboration LARP CM16

1.4 1.2 1 0.8 RESULTS 0.6 0.4 gem1 0.2 SETUP quartz1 blm4 0 -300 -200 -100 0 100 200 300 400 500 600 700 800 cry angle [ rad] FUTURE PLANS Status and plans of the UA9 experiment V.Previtali, on behalf on the UA9

949 views • 74 slides
Whats next: Catholic Joint Divestment Announcement on May 5 What I say to you in the darkness,

Whats next: Catholic Joint Divestment Announcement on May 5 What I say to you in the darkness,

Whats next: Catholic Joint Divestment Announcement on May 5 What I say to you in the darkness, speak in the light; what you hear whispered, proclaim on the housetops. Mt 10,27 PLEASE, READ IN SILENCE Let us open our eyes, then, and see

307 views • 15 slides

More recommend