A Survey on Backbone Attack

Güven, Ebu Yusuf; Yagci, Mehmet Yavuz; Boyacı, Ali; Yarkan, Serhan; Aydın, Muhammed Ali

doi:10.1109/isdfs.2019.8757546

Cited by 2 publications

(1 citation statement)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The tasks performed by network administrators tend to be complex and usually prone to errors, thus compromising network security. In fact, some attack techniques leveraging non-existent or bad configurations in layers 2 and 3 of the Open Systems Interconnection (OSI) model have been traditionally used by cyber adversaries [ 1 , 2 ].…”

Section: Introductionmentioning

confidence: 99%

Performance Analysis of Software-Defined Networks to Mitigate Private VLAN Attacks

Álvarez

Nuño

González

et al. 2023

Sensors

View full text Add to dashboard Cite

The defence-in-depth (DiD) methodology is a defensive approach usually performed by network administrators to implement secure networks by layering and segmenting them. Typically, segmentation is implemented in the second layer using the standard virtual local area networks (VLANs) or private virtual local area networks (PVLANs). Although defence in depth is usually manageable in small networks, it is not easily scalable to larger environments. Software-defined networks (SDNs) are emerging technologies that can be very helpful when performing network segmentation in such environments. In this work, a corporate networking scenario using PVLANs is emulated in order to carry out a comparative performance analysis on defensive strategies regarding CPU and memory usage, communications delay, packet loss, and power consumption. To do so, a well-known PVLAN attack is executed using simulated attackers located within the corporate network. Then, two mitigation strategies are analysed and compared using the traditional approach involving access control lists (ACLs) and SDNs. The results show the operation of the two mitigation strategies under different network scenarios and demonstrate the better performance of the SDN approach in oversubscribed network designs.

show abstract

Section: Introductionmentioning

confidence: 99%

Performance Analysis of Software-Defined Networks to Mitigate Private VLAN Attacks

Álvarez

Nuño

González

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

Design and analysis of data link impersonation attack for wired LAN application layer services

ElShafee

El‐Shafai

2022

J Ambient Intell Human Comput

View full text Add to dashboard Cite

Impersonation attack, also known as MAC spoofing, is widespread in wireless local area networks. Under this attack, the senders cannot control the device that listens to their traffic. On the other hand, the physical layer of the wired local area network is more secure, where the traffic is transmitted through cables and network nodes to the intended receivers. Each network node builds its MAC address table, which states stations that are physically connected (directly or indirectly) to each port, so traffic encryption is an unnecessary process. This paper discusses the design and testing of a new attack called a data link impersonation attack. In this attack, the attacker is considered a hardware intruder that deceives data link layer apparatus like the switches of layer two or three, taking advantage of a vulnerability in the MAC address table of the network nodes. That leads the network switches to send all the network traffic to the intruder instead of the real network device (usually a network service provider under attack). Intruder accepts all incoming requests/traffic from the service requester. If the intruder does not reply to the received requests sent by service requesters, it acts as a black hole intruder, simply causing a denial-of-service attack. If an intruder responds to these requests with fake replies to steal information from service requesters, it acts as a white hole intruder. During the attack, the intruder is transparent for the whole network and does not affect overall network performance and generally the network services, so it is so hard to be discovered by the network software running the network apparatus. Different scenarios were tested using different network simulators and physical networks (CISCO L2/L3 switches). It is demonstrated that the attacker is successfully denied the service/application under attack. The proposed attack reveals the new vulnerability of the wired local area network and opens the door for network scientists to enhance network software that runs the network apparatus immune against the proposed attack.

show abstract

A Survey on Backbone Attack

Cited by 2 publications

References 12 publications

Performance Analysis of Software-Defined Networks to Mitigate Private VLAN Attacks

Performance Analysis of Software-Defined Networks to Mitigate Private VLAN Attacks

Design and analysis of data link impersonation attack for wired LAN application layer services

Contact Info

Product

Resources

About