CrazyEngineers
  • Hi, I am looking for a thesis topic that is in the field of computer networks. I have read articles and other websites to try and look for an idea but I always seem to be stuck at some point.

    As an example I was considering doing my topic on man-in-the-middle attacks and relating it to Wi-Fi hotspots. In fact I also found attack tools that are capable of launching such an attack. The problem that I found in this topic is that I do not know what I will be able to contribute by doing this project.

    In order to elaborate, I was reading for example a Cisco paper that explained mitigation techniques that could be used in order to protect against ARP cache poisoning attacks (using Cisco routers). I also found links to software/hardware products that are able to solve/mitigate the problem when they are implemented in wireless networks. I'm really confused because when I read this paper and other articles it seems as if the problem is solved, while other articles on networking websites say that MITM attacks are still a big problem.

    Could you please give me suggestions on other network topics that I could consider for my dissertation? (The dissertation also has a testing part, so I must be able to test something.) Also, I would appreciate it if someone could give me an idea about how I could approach man-in-the-middle attacks from a point where I am still able to produce a valid thesis.
    Replies
  • Kaustubh Katdare

    Administrator, Dec 28, 2011

    Thread moved to IT engineering section.
  • durga ch

    Member, Dec 28, 2011

    I seem to understand where you are coming from, but I need further details to conclude. For example, when you are reading Cisco-specific work, the solution might be limited only to Cisco devices and might not be a standardised approach, so while a few other papers might suggest the problem still persists, Cisco papers might state it is solved. Have you checked further what the loopholes are in the suggestions made by the Cisco papers? I would suggest reading the latest published information, maybe from the past 2 years and nothing older than that. That should help you to ascertain to what extent the work has been completed.
    As I currently browse the internet for already existing solutions for the MITM attack, I can see work being done at MIT as well (I did not read all the approaches), but you could select one of them and try to implement it.
  • ceaalop

    Member, Dec 28, 2011

    Thanks for your reply. I found this link: #-Link-Snipped-# from SANS and it describes some configuration commands that can be used on Cisco routers in order to mitigate ARP cache poisoning attacks. However, the article also says that equivalent commands are available on Brocade, HP and most other routers/switches on the market. 😔

    I do not know if my thinking is right here, but I thought maybe I should test these mitigation techniques in a wireless hotspot environment and then document whether there are any problems with them or if they work at all in such an environment. For example, one technique mentioned on this website is DHCP snooping, and I do not know whether such a technique can be used in a Wi-Fi hotspot scenario, since it works by maintaining a table of MAC addresses and their corresponding IP addresses (similar to an ARP table). Do you think that testing out these mitigation techniques in a wireless hotspot scenario and then documenting any problems with regard to factors such as performance and security still makes this a valid thesis?

    With regards to the MIT research that you also mentioned I found some articles on the internet that said that MIT researchers have found a solution. Here's a detailed article if you're interested: #-Link-Snipped-#
    The other papers that I have read mostly suggested some alterations to the ARP protocol itself; however, I will read some more so that I get more information about the subject.
  • durga ch

    Member, Dec 29, 2011

    Hello,

    After doing a little research over the internet, this is what I can contribute. DHCP snooping is just one of the ways in which MITM can 'hurt' the network. As mentioned in many documents, the MITM problem can be handled by configuring all the ports by default as 'non-trustworthy' and reconfiguring only the port with the DHCP server as a trusted port.
    For example:
    if host A and host B are connected to a switch at ports 1 and 2 and the DHCP server is connected at port 6, the switch can be internally configured to restrict any DHCP replies from any port other than 6. Thus, in case an attacker connects to port 7 and tries sending a response, the switch simply discards it. I believe this is the mitigation for MITM attacks, and other network equipment manufacturers too have their own command sets to configure the LAN switch in this fashion. This is all in wired LANs.

    Coming to wireless networks, rogue APs (access points) can be put up and the rogue AP can respond as if it is an authenticated AP to the communicating hosts. So far, I don't see a text describing mitigation of MITM in wireless networks. (I need to do further research.)

    MITM techniques can be implemented as below:

    Local area network:
    ARP poisoning
    DNS spoofing
    Port stealing
    STP mangling

    From local to remote (through gateway):
    ARP Poisoning
    DNS spoofing
    DHCP spoofing
    ICMP redirection
    IRDP spoofing
    route mangling

    Remote:
    DNS poisoning
    traffic tunneling
    route mangling

    Wireless:
    access point reassociation

    Refer to (the documents are old, but give a pretty good idea):
    1. #-Link-Snipped-#
    2. <a href="https://www.blackhat.com/presentations/bh-usa-03/bh-us-03-ornaghi-valleri.pdf" target="_blank" rel="nofollow noopener noreferrer">PDF</a>
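As an added illustration of the trusted/untrusted port idea described in the reply above (this is constructed example code, not from any post or vendor): a toy model of a switch that drops DHCP server replies arriving on untrusted ports, records the lease it sees on the trusted port in a binding table, and then uses that table to check ARP replies, which is how the snooping table ends up mitigating ARP cache poisoning. Port numbers, MACs and IPs are made up; the class and method names are hypothetical.

```python
from dataclasses import dataclass, field

DHCP_SERVER_MSGS = {"OFFER", "ACK"}   # only a real DHCP server should send these


@dataclass
class SnoopingSwitch:
    """Constructed model of a LAN switch with DHCP snooping (hypothetical)."""
    trusted_ports: set = field(default_factory=set)
    client_port: dict = field(default_factory=dict)   # client mac -> port seen on
    bindings: dict = field(default_factory=dict)      # client mac -> (ip, port)

    def dhcp(self, in_port, msg, client_mac, ip=None):
        """Filter one DHCP message; returns 'forward' or 'drop'."""
        if msg in DHCP_SERVER_MSGS and in_port not in self.trusted_ports:
            return "drop"            # server reply from an untrusted port (port 7 case)
        if msg in ("DISCOVER", "REQUEST"):
            self.client_port[client_mac] = in_port      # learn where the client sits
        elif msg == "ACK" and client_mac in self.client_port:
            # a lease confirmed via the trusted port becomes a binding entry
            self.bindings[client_mac] = (ip, self.client_port[client_mac])
        return "forward"

    def arp_reply(self, in_port, sender_mac, sender_ip):
        """Validate an ARP reply against the snooping binding table."""
        if in_port in self.trusted_ports:
            return "forward"
        if self.bindings.get(sender_mac) == (sender_ip, in_port):
            return "forward"         # IP, MAC and port all match a real lease
        return "drop"                # mismatch: treat as a poisoning attempt


def demo():
    """Walk through the scenario from the reply: server on port 6, hosts on 1 and 2."""
    sw = SnoopingSwitch(trusted_ports={6})
    results = {}
    sw.dhcp(1, "DISCOVER", "aa:01")
    results["rogue_offer"] = sw.dhcp(7, "OFFER", "aa:01", "10.0.0.99")   # untrusted port
    results["real_offer"] = sw.dhcp(6, "OFFER", "aa:01", "10.0.0.10")    # trusted port
    sw.dhcp(1, "REQUEST", "aa:01")
    sw.dhcp(6, "ACK", "aa:01", "10.0.0.10")
    results["valid_arp"] = sw.arp_reply(1, "aa:01", "10.0.0.10")
    results["spoofed_arp"] = sw.arp_reply(7, "aa:01", "10.0.0.10")        # wrong port
    results["spoofed_gateway"] = sw.arp_reply(7, "aa:07", "10.0.0.1")     # no lease at all
    return results
```

Note that the binding table is keyed on what the switch saw on a physical port, which is exactly the part that does not carry over to a hotspot where every client shares one radio interface, the question raised in the earlier post.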
  • ceaalop

    Member, Dec 30, 2011

    Thanks for your detailed reply 😀. With regard to ARP poisoning attacks, as far as I know they can also be performed on wireless local area networks using tools such as Cain & Abel (there are plenty of videos on YouTube showing this type of attack).

    Although I am interested in the subject of rogue APs and evil twin setups, I would like to focus on detection/mitigation of MITM attacks in a wireless hotspot environment where the attacker sits in between the client machine and the access point (so no additional APs will be involved). Given the amount of literature that is already available on ARP cache poisoning, I'll probably focus on this type of MITM attack.

    This wiki article <a href="https://en.wikipedia.org/wiki/ARP_Cache_Poisoning" target="_blank" rel="nofollow noopener noreferrer">ARP Cache Poisoning</a> contains a whole list of software/hardware that can be used in order to mitigate ARP cache poisoning attacks; but again, the problem is I do not know whether these tools will work on wireless networks as well. In the coming days I'll read more about the detection and mitigation of MITM attacks on wireless networks so as to have a clearer picture.

    Sorry about the DHCP snooping part, didn't realize that it only worked on wired LANs. 😴
  • Bashiruddin Naik

    Member, Dec 30, 2011

    durga
    Thanks for the details!!
    I was looking for this.
  • ceaalop

    Member, Jan 1, 2012

    For anyone who is following this thread and is interested in wireless man-in-the-middle attacks, check this paper published by MIT researchers: <a href="https://people.csail.mit.edu/gshyam/Papers/TEP.pdf" target="_blank" rel="nofollow noopener noreferrer">PDF</a>

    I'm reading it at the moment 😀