man in the middle attacks
play

Man in the Middle Attacks Engineering Secure Software Last Revised: - PowerPoint PPT Presentation

Sep 22, 2022 •242 likes •398 views

Man in the Middle Attacks Engineering Secure Software Last Revised: September 1, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 High Level View Allows the hacker to sit in between all communication between client and

  1. Man in the Middle Attacks Engineering Secure Software Last Revised: September 1, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1

  2. High Level View Allows the hacker to sit in between all communication ● between client and server They sniff packets, manipulate/change/insert new ● data/commands without either client or server being aware Target User Hacker App/Server SWEN-331: Engineering Secure Software Benjamin S Meyers 2

  3. How Can This Happen? One of the most common methods is called “ARP Cache ● Poisoning” ARP: Address Relay Protocol (DataLink Layer) ○ ARP is used by computers to find ‘who has a particular IP ● address’ and then bind to that computer’s MAC address ARP is a broadcast protocol ( a cry for help ) ● Attackers can send false replies to an ARP request, inserting ● their own computer as a fake network citizen Once this happens, they can impersonate either the end-point ○ or the gateway (which allows snooping/inserting into all traffic) SWEN-331: Engineering Secure Software Benjamin S Meyers 3

  4. ARP Spoofing ? 3 2 . 2 2 . 1 2 . 0 0 2 Switch s a h o h W W h o h a s 2 0 0 . 2 1 . 2 2 . 2 3 ? User Target App/Server IP: 200.21.22.20 IP: 200.21.22.23 MAC: aa:aa:aa:aa:aa:aa Hacker IP: 200.21.22.21 MAC: cc:cc:cc:cc:cc:cc SWEN-331: Engineering Secure Software Benjamin S Meyers 4

  5. ARP Spoofing Switch cc:cc:cc:cc:cc:cc User Target App/Server IP: 200.21.22.20 IP: 200.21.22.23 MAC: aa:aa:aa:aa:aa:aa Hacker IP: 200.21.22.21 MAC: cc:cc:cc:cc:cc:cc SWEN-331: Engineering Secure Software Benjamin S Meyers 5

  6. ARP Spoofing Switch User Target App/Server IP: 200.21.22.20 IP: 200.21.22.23 MAC: aa:aa:aa:aa:aa:aa Hacker IP: 200.21.22.21 MAC: cc:cc:cc:cc:cc:cc SWEN-331: Engineering Secure Software Benjamin S Meyers 6

  7. ARP Example Command: arp -a ● nitron$ arp -a Host Ethernet Address Netif Expire Flags nitron.se.rit.edu 00:50:56:99:72:ec em0 permanent 1 gleep.se.rit.edu 00:a0:98:31:30:58 em0 10m6s control.se.rit.edu 00:50:56:8c:00:36 em0 17m12s potamus.se.rit.edu 00:50:56:8c:00:1e em0 19m46s norville.se.rit.edu 00:c0:9f:3f:4a:1e em0 12m31s freezoid.se.rit.edu 00:25:90:6c:38:82 em0 19m39s zin.se.rit.edu 00:0d:b9:42:d6:60 em0 19m39s grapeape.se.rit.edu 00:50:56:99:6c:19 em0 13m26s dynomutt.se.rit.edu 00:0d:b9:4c:ab:3c em0 19m39s rit-west3-gw-070-vlan208.rit.edu f4:cc:55:de:3a:92 em0 20m0s SWEN-331: Engineering Secure Software Benjamin S Meyers 7

  8. Notes Attack can only be used on networks that use ARP and the ● attacker must have direct access to the local network segment being targeted Just about everyone uses ARP! ○ Since you need to have your attacking software on the local ○ network segment for this to work, hackers are always looking for ways to infiltrate your environment Thus, all of the network discovery port scans ■ SWEN-331: Engineering Secure Software Benjamin S Meyers 8

  9. How Can This Be Prevented? ARP cache poisoning is one of the hardest hacks to prevent, ● but some tools do exist Static IP/MAC lists (difficult to manage on large networks) ○ ARP spoofing detection software ○ Can be integrated into DHCP server ■ Can be part of the switch/router ■ Can be on local PC ■ Can be within the OS ■ SWEN-331: Engineering Secure Software Benjamin S Meyers 9

  10. DNS Cache Poisoning Cache poisoning affects more than just ARP ● Domain Name Server/System (DNS) ● DNS nameservers keep track of which IP addresses map to ○ which hostnames (e.g. www.google.com) There are multiple authoritative DNS nameservers ○ When you ask for an IP address for www.google.com, an attacker ○ can respond with a malicious IP address CVE-2008-1447 and CVE-2008-4392 ○ CAPEC-141 ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 10 10

  11. DNS Cache Poisoning query_id query_id Source: https://www.cloudflare.com/learning/dns/dns-cache-poisoning/ SWEN-331: Engineering Secure Software Benjamin S Meyers 11 11

  12. DNS Cache Poisoning query_id query_id Source: https://www.cloudflare.com/learning/dns/dns-cache-poisoning/ SWEN-331: Engineering Secure Software Benjamin S Meyers 12 12

  13. DNS Cache Poisoning query_id query_id query_id Source: https://www.cloudflare.com/learning/dns/dns-cache-poisoning/ SWEN-331: Engineering Secure Software Benjamin S Meyers 13 13

  14. DNS Cache Poisoning Why does this happen? ● DNS uses UDP, not TCP ○ Source: https://www.cloudflare.com/learning/dns/dns-cache-poisoning/ SWEN-331: Engineering Secure Software Benjamin S Meyers 14 14

  15. How Can This Be Prevented? DNS cache expires ● Time-to-Live (TTL) ○ BUT: attackers sets a TTL when they poison the DNS cache ○ Admins can flush DNS caches, but they usually don’t ● Randomizing query_ids ● Attackers can still guess the query_id (there’s no such thing as ○ true random in computers) Also randomize the source port for the DNS query ● DNSSEC: authenticate nameservers using public/private keys ● SWEN-331: Engineering Secure Software Benjamin S Meyers 15 15

Recommend

MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( )

MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( )

Software and Web Security 2 MitM attacks on sessions t attac s o sess o s sws2 1 MitM (Man-in-the-Middle)attacks ( ) MitM attack: attacker gets between the browser and the web server, eg eg by setting up a wifi access point

345 views • 9 slides
Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on

Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on

Protecting Free and Open Communications on the Internet Against Man-in-the-Middle Attacks on Third-Party Software Jeffrey Knockel, Jedidiah Crandall Computer Science Department University of New Mexico Recent News Iran: forged SSL

569 views • 27 slides
Lets Revoke Public key infrastructure prevents Man-in-the-Middle attacks Revocation protects

Lets Revoke Public key infrastructure prevents Man-in-the-Middle attacks Revocation protects

Lets Revoke Public key infrastructure prevents Man-in-the-Middle attacks Revocation protects clients from compromised certificates Without revocation, these attacks would go undetected 2 Certificate Revocation Lists (CRLs) Lists of

544 views • 27 slides
Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle

Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle

Man-in-the-Middle attacks revisited Hugo Jonker, Rolando Trujillo, Sjouke Mauw Man-in-the-middle attack Diffie-Hellman Alice Bob new na new nb g na g nb K = (g nb ) na K = (g na ) nb Man-in-the-middle attack Diffie-Hellman Alice Bob Alice

401 views • 25 slides
Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez

Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez

Introduction Demirci and Sel cuk Attack Differential Enumeration Technique Conclusion Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez 1 Pierre-Alain Fouque 1 , 2 Ecole Normale Sup

1.25k views • 60 slides
Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill,

Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill,

Certificate Measurements to Detect Man-in-the-Middle Attacks and Middleboxes Mark ONeill, Scott Ruoti, Kent Seamons, Daniel Zappala Internet Research Lab & Internet Security Research Lab Brigham Young University Certificate validation

484 views • 14 slides
Heart Attacks in Middle-aged Recreational Athletes Karl Cernovitch Alex C. Samak Jay Brophy

Heart Attacks in Middle-aged Recreational Athletes Karl Cernovitch Alex C. Samak Jay Brophy

Heart Attacks in Middle-aged Recreational Athletes Karl Cernovitch Alex C. Samak Jay Brophy MD,PhD Mark Goldberg PhD Royal Victoria Hospital Clinical Epidemiology Unit If it happened to a Pro, it could happen to you! Montreal

963 views • 21 slides
in Middle Tennessee Prevent Asthma Attacks in Children Gwen Sunkel, Indiana University-Purdue

in Middle Tennessee Prevent Asthma Attacks in Children Gwen Sunkel, Indiana University-Purdue

Breathe Easy: Helping Parents in Middle Tennessee Prevent Asthma Attacks in Children Gwen Sunkel, Indiana University-Purdue University Indianapolis United Neighborhood Health Services Nashville, TN Introduction Gwen en Sun unkel, , RN

570 views • 15 slides
Man in the middle attacks on IEC 60870-5-104 Pete Maynard @pgmaynard ORCID 0000-0002-6267-7530

Man in the middle attacks on IEC 60870-5-104 Pete Maynard @pgmaynard ORCID 0000-0002-6267-7530

Man in the middle attacks on IEC 60870-5-104 Pete Maynard @pgmaynard ORCID 0000-0002-6267-7530 Introduction Pete Maynard PhD Student CSIT Queen's University Belfast, UK Industrial Control System Security Partnership with

584 views • 34 slides
MitM attacks on HTTPS sessions Much of this material can also be seen in DEFCON 2009 presentation

MitM attacks on HTTPS sessions Much of this material can also be seen in DEFCON 2009 presentation

Software and Web Security 2 MitM attacks on HTTPS sessions Much of this material can also be seen in DEFCON 2009 presentation by Moxie Marlinspike; see URL on course page sws2 1 MitM (Man-in-the-Middle) attacks MitM attack: attacker

971 views • 38 slides
Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France

Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France

Match Box Meet-in-the-Middle Attack against KATAN Thomas Fuhr and Brice Minaud ANSSI, France FSE, March 3-5 2014 Plan 1 Match Box Meet-in-the-Middle Attacks Sieve-in-the-Middle Framework Match Box Cryptanalysis of KATAN 2 Description

1.61k views • 37 slides
NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

CMPS122: COMPUTER SECURITY NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3 due tonight NETWORKING ATTACKS LAST TIME TCP/IP networking stack Physical layer Data link layer Network

1.1k views • 61 slides
The middle program $ middle 3 3 5 middle: 3 $ middle 2 1 3 middle: 1 10 10 int main(int

The middle program $ middle 3 3 5 middle: 3 $ middle 2 1 3 middle: 1 10 10 int main(int

Detecting Anomalies Andreas Zeller 1 Tracing Infections For every infection, we must find the earlier infection that causes it. Which origin should we focus upon? 2 2 Tracing Infections 3 3 Focusing on Anomalies

522 views • 27 slides
Generic Attacks on Stream Ciphers John Mattsson Generic Attacks on Stream Ciphers 2/22

Generic Attacks on Stream Ciphers John Mattsson Generic Attacks on Stream Ciphers 2/22

Generic Attacks on Stream Ciphers John Mattsson Generic Attacks on Stream Ciphers 2/22 Overview What is a stream cipher? Classification of attacks Different Attacks Exhaustive Key Search Time Memory Tradeoffs

656 views • 22 slides
Wireless Security Wireless Network Attacks Access control attacks These attacks attempt to

Wireless Security Wireless Network Attacks Access control attacks These attacks attempt to

Wireless Security Wireless Network Attacks Access control attacks These attacks attempt to penetrate a network by using wireless or evading WLAN access control measures, like AP MAC filters and 802.1X port access controls. Type of Attack

184 views • 7 slides
Welcome to Randolph Middle School An IB World School Randolph Middle School

Welcome to Randolph Middle School An IB World School Randolph Middle School

Welcome to Randolph Middle School An IB World School Randolph Middle School Charlotte-Mecklenburg Schools International Baccalaureate Middle Years Program Grades 6 8 Brian Bambauer, Principal Fast Facts RMS was built in1967

673 views • 40 slides
WELCOME TO LASALLE SPRINGS MIDDLE SCHOOL! Which one are you? MIDDLE SCHOOL MODEL Image taken

WELCOME TO LASALLE SPRINGS MIDDLE SCHOOL! Which one are you? MIDDLE SCHOOL MODEL Image taken

WELCOME TO LASALLE SPRINGS MIDDLE SCHOOL! Which one are you? MIDDLE SCHOOL MODEL Image taken from Noblesville East Middle School MIDDLE SCHOOL TEAMS 6 TH GRADE LEVEL TEAMS Searchers Seekers TEACHER MAKE-UP 2 Language Arts 1 Social

546 views • 42 slides
Revere Middle School Welcome to Middle School! A major goal of middle school is to help students

Revere Middle School Welcome to Middle School! A major goal of middle school is to help students

Revere Middle School Welcome to Middle School! A major goal of middle school is to help students learn how they can be successful learners and creative problem solvers. We strive to help students find the balance of challenging themselves

439 views • 18 slides
Wiretapping End-to-End Encrypted VoIP Calls Real-World Attacks on ZRTP Dominik Schrmann, Fabian

Wiretapping End-to-End Encrypted VoIP Calls Real-World Attacks on ZRTP Dominik Schrmann, Fabian

Institute of Operating Systems and Computer Networks Wiretapping End-to-End Encrypted VoIP Calls Real-World Attacks on ZRTP Dominik Schrmann, Fabian Kabus, Gregor Hildermeier, Lars Wolf, 2017-07-18 Introduction Man-in-the-Middle ZRTP

396 views • 24 slides
Meet in the Middle - STP March 20, 2019 1 / 17 Last weeks exercise Solution on whiteboard.

Meet in the Middle - STP March 20, 2019 1 / 17 Last weeks exercise Solution on whiteboard.

Meet in the Middle - STP March 20, 2019 1 / 17 Last weeks exercise Solution on whiteboard. 2 / 17 Recap of MitM attack Whiteboard 3 / 17 Searching for attacks By hand - Last week(s) Using the computer - This week 4 / 17

689 views • 23 slides
CONSERVATION CONSERVATION EASEMENTS: Fiscal Impacts to Localities in the Middle Peninsula Middle

CONSERVATION CONSERVATION EASEMENTS: Fiscal Impacts to Localities in the Middle Peninsula Middle

CONSERVATION CONSERVATION EASEMENTS: Fiscal Impacts to Localities in the Middle Peninsula Middle Peninsula Jackie Rickards Middle Peninsula Planning District Commission July 13, 2011 1 Location of the Middle Peninsula Peninsula Middle

412 views • 37 slides
MIDDLE SCHOOL COURSE INFORMATION NIGHT 2017 MIDDLE SCHOOL TEAM Head of Middle School and

MIDDLE SCHOOL COURSE INFORMATION NIGHT 2017 MIDDLE SCHOOL TEAM Head of Middle School and

MIDDLE SCHOOL COURSE INFORMATION NIGHT 2017 MIDDLE SCHOOL TEAM Head of Middle School and Head of Year 10: Liz Nevins Head of Year 9 Daniel Toma Middle School Coordinators Dianna Moore, Tyler Phillips, John Box, Michael

513 views • 33 slides
NEIGHBORHOODS Strategies to stabilize CLEVELAND MIDDLE NEIGHBORHOODS Middle Neighborhoods Field

NEIGHBORHOODS Strategies to stabilize CLEVELAND MIDDLE NEIGHBORHOODS Middle Neighborhoods Field

CLEVELAND MIDDLE NEIGHBORHOODS Strategies to stabilize CLEVELAND MIDDLE NEIGHBORHOODS Middle Neighborhoods Field Jason Powers, Project Director Cleveland Middle Neighborhoods Initiative Alan Mallach, Senior Fellow Center for Community

539 views • 53 slides
Backbone Infrastructure Attacks and Protections draft-savola-rtgwg-backbone-attacks-01.txt Pekka

Backbone Infrastructure Attacks and Protections draft-savola-rtgwg-backbone-attacks-01.txt Pekka

Backbone Infrastructure Attacks and Protections draft-savola-rtgwg-backbone-attacks-01.txt Pekka Savola Introduction Describes a view of ISP backbone network attacks Lots of folks in IETF and elsewhere had quite different ideas whats out

529 views • 9 slides

More recommend