Different flavours of Man-In-The-Middle attack, consequences and feasible solutions

Nayak, Gopi Nath; Samaddar, Shefalika Ghosh

doi:10.1109/iccsit.2010.5563900

Cited by 41 publications

(15 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…List of references Standardized DNS encryption methodologies [3,32,36,44,47,50,54,61,63,66,71,117] Adoption and performance [11, 12, 23, 30, 31, 38, 42, 46, 48, 53, 55-57, 81, 91, 92, 101, 111, 116, 117, 119] Benefits of DNS encryption [20,33,69,89,101,119,123] Practical issues and security vulnerability [9, 18, 19, 29, 34, 39, 49, 58, 59, 62, 64, 65, 67, 70, 72, 76-78, 80, 87, 88, 95, 96, 98, 100, 104, 119] Malware misuse: command and control (C&C) communications [28,33,45,51,75,90,93,94,106,108,118,121] Malware misuse: data exfiltration (or tunneling) [2,5,18,37,52,60,86,97,109] Detecting and classifying encrypted DNS traffic [26,27,35,41,…”

Section: Category Of Topics Covered By This Surveymentioning

confidence: 99%

“…This is because attackers need to establish TCP and TLS connections for each attempt of attack (i.e., malicious DNS lookup), leading to higher computing resources required to overwhelm a DNS server. Lastly, encrypting DNS communications between clients and resolvers also reduces the chance of man-in-the-middle (MITM) DNS spoofing attacks [89] that aim to mislead (i.e., redirect) clients towards malicious destination IP addresses by hijacking and manipulating DNS responses. As a use-case, authors of [69] developed a secured addressing mechanism using DoH for network time protocol (NTP) systems to prevent the off-path attacks [68] which redirect clients to malicious timing servers via manipulated DNS responses.…”

Section: Protecting User Privacymentioning

confidence: 99%

See 1 more Smart Citation

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

Lyu,

Gharakheili,

Sivaraman

2022

Preprint

View full text Add to dashboard Cite

The domain name system (DNS) that maps alphabetic names to numeric Internet Protocol (IP) addresses plays a foundational role for Internet communications. By default, DNS queries and responses are exchanged in unencrypted plaintext, and hence, can be read and/or hijacked by third parties. To protect user privacy, the networking community has proposed standard encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ) for DNS communications, enabling clients to perform secure and private domain name lookups. We survey the DNS encryption literature published since 2016, focusing on its current landscape and how it is misused by malware, and highlighting the existing techniques developed to make inferences from encrypted DNS traffic. First, we provide an overview of various standards developed in the space of DNS encryption and their adoption status, performance, benefits, and security issues. Second, we highlight ways that various malware families can exploit DNS encryption to their advantage for botnet communications and/or data exfiltration. Third, we discuss existing inference methods for profiling normal patterns and/or detecting malicious encrypted DNS traffic. Several directions are presented to motivate future research in enhancing the performance and security of DNS encryption.CCS Concepts: • Networks → Application layer protocols; Naming and addressing; • Security and privacy → Security protocols; Malware and its mitigation.

show abstract

Section: Category Of Topics Covered By This Surveymentioning

confidence: 99%

Section: Protecting User Privacymentioning

confidence: 99%

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

Lyu,

Gharakheili,

Sivaraman

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Man in the Middle (MitM) attack is a hacking methodology whereby an attacker poisoned the ARP caches of two communicating hosts to intercept their communication with the aim of causing host exploitation such as session hijacking, theft of sensitive data, port stealing and impersonation of login credential [8]. To launch the attack, the attacker first collect the MAC addresses of its victims by broadcasting an ARP request to the victims' entire network.…”

Section: A Man In the Middle Attackmentioning

confidence: 99%

ARP Cache Poisoning Mitigation and Forensics Investigation

Mangut¹,

Al-Nemrat²,

Benzaid

et al. 2015

2015 IEEE Trustcom/BigDataSE/Ispa

View full text Add to dashboard Cite

Abstract-Address Resolution Protocol (ARP) cache spoofing or poisoning is an OSI layer 2 attack that exploits the statelessness vulnerability of the protocol to make network hosts susceptible to issues such as Man in the Middle attack, host impersonation, Denial of Service (DoS) and session hijacking.In this paper, a quantitative research approach is used to propose forensic tools for capturing evidences and mitigating ARP cache poisoning. The baseline approach is adopted to validate the proposed tools. The evidences captured before attack are compared against evidences captured when the network is under attack in order to ascertain the validity of the proposed tools in capturing ARP cache spoofing evidences.To mitigate the ARP poisoning attack, the security features DHCP Snooping and Dynamic ARP Inspection (DAI) are enabled and configured on a Cisco switch. The experimentation results showed the effectiveness of the proposed mitigation technique.

show abstract

“…Gopi Nath Nayak and Shefalika Ghosh Samaddar [11] proposed two solutions in order to prevent ARP poisoning. The first one sends arping request messages to the default gateway at fixed time intervals.…”

Section: Related Workmentioning

confidence: 99%

An ICMP based secondary cache approach for the detection and prevention of ARP poisoning

Tripathi

Mehtre

2013

2013 IEEE International Conference on Computational Intelligence and Computing Research

View full text Add to dashboard Cite

Address Resolution Protocol (ARP) poisoning is one of the most basic technique employed in computer hacking. ARP poisoning is used when a host is used to poison ARP cache of another host in order to send packets to some other destination than the intended one. This paper presents a feasible technique to detect and prevent the ARP poisoning by removing the multiple entries for the same MAC address or IP address from the ARP table using a secondary cache. This secondary cache contains the entries according to Internet Control Message Protocol (ICMP) responses. Since this technique prevents multiple entries for same IP address or MAC address, it also mitigates IP exhaustion problem. The secondary cache is maintained at every host which makes this technique distributed in nature, thereby prevents it from single point failure. Experimental results are also provided to support the proposal.

show abstract

Different flavours of Man-In-The-Middle attack, consequences and feasible solutions

Cited by 41 publications

References 1 publication

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

ARP Cache Poisoning Mitigation and Forensics Investigation

An ICMP based secondary cache approach for the detection and prevention of ARP poisoning

Contact Info

Product

Resources

About