A Man in the Middle Attack: Computer Science Essay

Today computer networks are used to transmit huge amounts of data which may or may not contain sensitive information. In this document I will discuss ways in which your networks may become vulnerable to attack: man in the middle attacks, spanning tree attacks, security issues related to trunking, and security issues related to identity spoofing.

What is a man in the middle attack?

A man in the middle attack is the name given to a type of attack where the attacker intercepts communication being sent across a data network. This type of attack is also known as a bucket-brigade attack, fire brigade attack, monkey-in-the-middle attack, session hijacking, TCP hijacking, TCP session hijacking etc.

A man in the middle attack is usually performed on an internal network. The hacker adds a rogue device to the network and then intercepts communication between two network devices. This is done by sending out ARP requests and ARP replies to the two devices, making them think that they are talking to each other.

An example of a man in the middle attack would involve two hosts, host one and host two. The hacker would connect a rogue device, host three, most likely on the same switch that both host one and host two are connected to. Once he can communicate on the network he would send out ARP requests and replies to both host one and host two, making each of them believe that he is the other host. This makes host one and host two re-route their connection through host three. Once host one and host two are communicating with one another via the new connection established by host three, the hacker is able to capture packets sent between them.

Once an attacker has performed a man in the middle attack, they can use it in a number of ways, for example public key exchanging, command injection, malicious code injection, downgrade attacks etc.

There are numerous tools available that network managers use in order to monitor their networks. These tools can also be used from a hacker's perspective, as they allow the hacker to capture packets that are being sent over the network. This essentially allows the hacker to see what you are doing.

The following tools are generally used by an attacker for capturing and analysing network traffic:

Wireshark is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It has a rich and powerful feature set and is the world's most popular tool of its kind. It runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2.

http://wireshark.com

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

http://ettercap.sourceforge.net/

dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

http://www.monkey.org/~dugsong/dsniff/

Yersinia is a network tool designed to take advantage of some weaknesses in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.

http://www.yersinia.net/

Spanning Tree Attacks

Spanning tree protocol is a protocol that is implemented to help prevent switching loops from occurring. In networking it is good to have redundancy, which is where you have more than one link between devices on the network, for instance switch one and switch two. You may have more than one link connecting these switches so that if one link goes down the switches are still able to communicate with one another. If spanning tree protocol is enabled it will make one link active and leave the other dormant, so if the active link fails the second link will be activated and the connection between the switches will remain. Spanning tree does this by building a topology of all switches in the network that support the spanning tree protocol. It does this by sending out bridge protocol data units (BPDUs). Bridge protocol data units include information about ports, switches, addresses, port priority, etc. Once the topology has been created, spanning tree protocol analyses the information collected and chooses the best path; this is carried out on the switch that is chosen to be the root bridge. The root bridge takes cost as well as link speed into consideration when choosing the best path. All other links will be down until a link becomes unavailable; when this happens the root bridge selects the next best path.

The first step an attacker would perform in a spanning tree attack is to take over the root bridge; they can do this by sending out spanning tree protocol messages with a priority value that makes their device the designated root bridge. From this position the attacker can choose which path the data takes when travelling over the network. They could change the network's active topology from a high speed network to a low speed network by activating the redundant links rather than the links the protocol has identified as the best path. This is useful when performing a man in the middle attack, as the attacker can make the data travel over a path that was not originally planned, so that it passes through the packet monitor the attacker has introduced onto the network. This allows the attacker to capture the data that is being transmitted over the network. Another attack that can be performed is a denial of service attack; this is done by enabling all paths on the network, creating an infinite switching loop. This loop would consume all of the switches' CPU capacity and bring down the network.

In order to keep your switches from falling victim to spanning tree attacks, the network manager needs to make sure that the protocol is configured correctly. BPDU guard is a good way of protecting your network from spanning tree attacks. Network administrators would enable BPDU guard on access ports so that no end device is able to change the spanning tree topology. If a rogue switch is introduced onto the network with better values than the existing root bridge, it will cause the topology to change. But when you connect a rogue switch to a port where BPDU guard is enabled, as soon as the rogue switch sends out and the port receives the first BPDU, the port is shut down and can only be enabled again once the no shut command is issued on the switch. Shutting the interface down prevents the spanning tree topology from being influenced. BPDU filtering, on the other hand, only filters BPDU messages: it prevents inbound and outbound BPDUs, and it will disable PortFast if a BPDU is received. Effectively this means that spanning tree protocol is disabled on the port, which is the same as spanning tree being disabled, allowing switching loops to occur on the network.
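The BPDU guard behaviour described above can be modelled in a few lines. This is an added example, not part of the original essay; the class names, port name and bridge IDs are constructed for illustration, and it assumes the standard rule that the lowest (priority, MAC) bridge ID wins the root election.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    bpdu_guard: bool = False
    err_disabled: bool = False

@dataclass
class Switch:
    bridge_id: tuple                      # (priority, MAC); the lowest value wins
    root_id: tuple                        # bridge ID currently believed to be root
    ports: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def receive_bpdu(self, port_name, advertised_root):
        """Process a BPDU arriving on port_name and report what happened."""
        port = self.ports[port_name]
        if port.err_disabled:
            return "dropped: port is down"
        if port.bpdu_guard:
            port.err_disabled = True      # the first BPDU shuts the port
            self.log.append(f"{port_name}: BPDU guard shut the port")
            return "err-disabled"
        if advertised_root < self.root_id:
            self.root_id = advertised_root  # a superior BPDU changes the topology
            return "root changed"
        return "ignored: not superior"

    def no_shutdown(self, port_name):
        """Model the administrator re-enabling the port."""
        self.ports[port_name].err_disabled = False

# Constructed bridge IDs for the scenario.
LEGIT_ROOT = (4096, "00:00:5e:00:53:01")
ROGUE = (0, "00:00:5e:00:53:99")

def run_scenario(guard_enabled):
    """Send two rogue BPDUs into one access port; return both outcomes and the root."""
    sw = Switch(bridge_id=(32768, "00:00:5e:00:53:10"), root_id=LEGIT_ROOT,
                ports={"Fa0/5": Port(bpdu_guard=guard_enabled)})
    first = sw.receive_bpdu("Fa0/5", ROGUE)
    second = sw.receive_bpdu("Fa0/5", ROGUE)
    return first, second, sw.root_id

if __name__ == "__main__":
    print("without BPDU guard:", run_scenario(False))
    print("with BPDU guard:   ", run_scenario(True))
```

Without the guard the switch accepts the rogue device as root; with it, the port goes down on the first BPDU and the legitimate root is kept.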

Security Issues Related to Trunks and Trunking Protocols

A trunking protocol is a protocol that allows traffic to flow between connected switches. For instance VLAN Trunking Protocol (VTP) allows the configuration of one switch to be used on a number of switches inside a VTP domain.

To do this you have to set up VLAN Trunking Protocol. First you configure a switch with VLAN Trunking Protocol mode set to server. This allows the switch to act as a server for VLAN Trunking Protocol. Once you have successfully set up your switch as a VLAN Trunking Protocol server, you then set up a trunk link. You do this by setting a port on your switch's network interface to trunk mode. You then connect another switch via the network interface you set to trunk. Once you have connected the switch, you set its VLAN Trunking Protocol mode to client. Now that the switch is set to VLAN Trunking Protocol mode client, it will download all configurations from the switch acting as VLAN Trunking Protocol mode server. This includes VLANs etc.

Hackers can exploit this protocol in several ways, for example:

The first way a hacker could exploit this protocol would be to connect a rogue switch with its VLAN Trunking Protocol mode set to client. When it is plugged into another switch, that switch will recognise that there is a trunk link and bring the interface up accordingly. The rogue switch would then automatically download all the configurations from the closest server. After the switch has downloaded the network configuration the hacker would then be able to This would allow the hacker to plug in virtually any device and have it communicate over the network. This would compromise the network's security, as the hacker would then be able to set up monitoring software on the network interface of the trunk, allowing any data passed over the trunk to be captured.

Another way VLAN Trunking Protocol could be exploited would be to configure the rogue switch with VLAN Trunking Protocol set to mode server. When the switch connects to the network, the configuration that has been set on that switch will be applied to all other switches connected to the network with VLAN Trunking Protocol set to client. This would allow the hacker to re-configure the network.

A VLAN hopping attack allows an attacker to gain unauthorised access to a different VLAN by sending tagged packets onto the network with the VLAN ID of another VLAN. This works because a switch reads the VLAN tag before it forwards the packet; this happens even if the interface that the message was sent from is not assigned to the target VLAN.

You can protect your trunk protocols in a number of ways, one of which is to assign passwords to your trunk links. This means the correct password has to be configured in the settings of all of your switches. Once all of your switches have the correct password configured you will be able to create a secure connection between your devices. If the passwords are incorrect, the trunk link will not allow data to flow between the devices with incorrect passwords configured.

Another way of creating a secure trunk link between switches is to set up switch port security. This is a security protocol that allows you to set the MAC address of the connected device, which means that only the device with the correct MAC address configured will be able to make a connection. There are three different security configurations involved in switch port security: shutdown, restrict and protect. If the MAC address is wrong and switch port security is set to shutdown, the port is put into a state where it blocks all traffic being sent to the interface. Protect, on the other hand, keeps the link up but drops all packets sent from MAC addresses that are not configured to be allowed. Restrict is similar to protect, but it also creates a system log message and increases the violation counter.

To prevent VLAN hopping attacks the switch would use ingress filtering to drop all tagged packets, since workstations attached to edge ports should not send tagged packets into the network.
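The ingress filtering rule above, written out as a frame check. This is an added example, not part of the original essay; the port dictionaries, addresses and frames are constructed, and it goes slightly beyond the text by also showing an allowed-VLAN list on a trunk port.

```python
import struct

TPID_8021Q = 0x8100    # customer VLAN tag
TPID_8021AD = 0x88A8   # service (outer) VLAN tag

def vlan_tag(frame):
    """Return the VLAN ID carried in the frame's tag, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype not in (TPID_8021Q, TPID_8021AD):
        return None
    if len(frame) < 18:
        raise ValueError("truncated VLAN tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF  # the low 12 bits of the TCI are the VLAN ID

def ingress_filter(frame, port):
    """Return ("forward", vlan) or ("drop", reason) for a frame entering a port."""
    try:
        vid = vlan_tag(frame)
    except ValueError:
        return ("drop", "malformed frame")
    if port["mode"] == "access":
        # Edge ports: a workstation has no reason to send tagged frames.
        if vid is not None:
            return ("drop", f"tagged frame for VLAN {vid} on access port")
        return ("forward", port["vlan"])
    # Trunk ports: untagged traffic is native, tagged traffic must be allowed.
    if vid is None:
        return ("forward", port["native"])
    if vid not in port["allowed"]:
        return ("drop", f"VLAN {vid} not allowed on trunk")
    return ("forward", vid)

# Constructed sample frames and port settings (hypothetical values).
DST, SRC = "ffffffffffff", "020000000001"
UNTAGGED = bytes.fromhex(DST + SRC + "0800" + "00" * 46)
TAGGED_V20 = bytes.fromhex(DST + SRC + "8100" + "0014" + "0800" + "00" * 42)
ACCESS_PORT = {"mode": "access", "vlan": 10}
TRUNK_PORT = {"mode": "trunk", "allowed": {10, 20}, "native": 1}

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged VLAN 20", TAGGED_V20)):
        print(name, "->", ingress_filter(frame, ACCESS_PORT))
```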

Security Issues Related to Spoofing of Frames

When you spoof frames, you make the devices on your network think that you are someone else. There are many types of frame spoofing attacks that can be performed on the network, such as ARP spoofing.

ARP is a protocol used by networks to map IP addresses to hardware addresses. ARP spoofing is usually performed as part of the man in the middle attack process. ARP spoofing is where a hacker sends out messages onto a local area network; these messages allow the hacker to associate his MAC address with the IP address of another host. The purpose of this is to obtain information that is being sent between two hosts.
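Both the ARP spoofing description above and the earlier host one/host two/host three scenario leave the same trace on the wire: an IP address whose MAC binding changes, and one MAC claiming several IP addresses. The detector below is an added example, not part of the original essay; the MAC and IP addresses are constructed sample data.

```python
import struct

ARP_REPLY_HDR = "0001080006040002"  # Ethernet, IPv4, hlen=6, plen=4, oper=2 (reply)
H1, H2, H3 = "020000000001", "020000000002", "020000000003"  # constructed MACs
IP1, IP2 = "c000020a", "c0000214"                            # 192.0.2.10, 192.0.2.20

# Constructed capture: two honest replies, then host three claiming both IPs.
SAMPLE_ARP = [bytes.fromhex(ARP_REPLY_HDR + body) for body in (
    H1 + IP1 + H2 + IP2,
    H2 + IP2 + H1 + IP1,
    H3 + IP2 + H1 + IP1,
    H3 + IP1 + H2 + IP2,
)]

def parse_arp(body):
    """Decode an Ethernet/IPv4 ARP body into (oper, sender_mac, sender_ip)."""
    if len(body) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = ":".join(f"{b:02x}" for b in body[8:14])
    sender_ip = ".".join(str(b) for b in body[14:18])
    return oper, sender_mac, sender_ip

def detect_arp_spoofing(bodies):
    """Flag IPs whose MAC binding changes and MACs that claim several IPs."""
    ip_to_mac, mac_to_ips, alerts = {}, {}, []
    for body in bodies:
        parsed = parse_arp(body)
        if parsed is None:
            continue  # not Ethernet/IPv4 ARP, or truncated
        _, mac, ip = parsed
        first_seen = ip_to_mac.setdefault(ip, mac)
        if first_seen != mac:
            alerts.append(("binding-changed", ip, first_seen, mac))
        ips = mac_to_ips.setdefault(mac, set())
        ips.add(ip)
        if len(ips) > 1:
            alerts.append(("mac-claims-many-ips", mac, tuple(sorted(ips))))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP):
        print(alert)
```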

DNS spoofing is an attack performed on a DNS name server's cache. This attack allows the attacker to return an incorrect IP address; often this is the IP address of the attacker, allowing them to display a page that they have created instead of the genuine source. Cache poisoning is the name given to the attack the hacker uses. Normally the DNS server would be provided by the ISP, but in big organisations DNS servers are deployed on site in order to speed up resolution times. The attack works by exploiting a flaw in the DNS software. When the server does not properly validate the responses to the request made by the user, the server will cache incorrect entries. When another user tries to access the same webpage, the incorrect entry will be issued. If performed correctly, the user will not be able to access the site that they want, but in return they will get the site that the hacker wants them to see.

In networking the MAC address is used to identify the hardware behind the IP address of a host. MAC address spoofing is an attack performed on network hardware that makes the attacker's MAC address appear different; usually the attack is performed to make the address appear as the MAC address of another host currently on the network. Networks today allow their administrators to deploy MAC address filters; when these filters are deployed they block traffic from rogue devices that have not been configured in the MAC address access control list. Spoofing a MAC address allows a hacker to use the MAC address of a host that is on the access control list, granting them access to the network.

Discuss protocols and techniques which may be used to protect the network from the frame spoofing attacks you identified above
