Killing the Monkey in the Middle
来源:互联网 发布:互相依靠知乎 编辑:程序博客网 时间:2024/06/06 00:41
There are many ways for the attacker to insert themselves in the middle of a conversation. Just some of the tools at the attackers disposal include:
- DNS Cache Poisoning (metasploit)
- NETBIOS Names spoofing (nbtool at skullsecurity.org)
- Lie about the DNS,WINS and/or default gateway with a rouge DHCP server (yersinia, ettercap)
- deliver a WPAD file or otherwise reconfigure the browser proxy (metasploit)
- IPv6 ISATAP spoofing
- Attack routing protocols such as BGP MITM
- IP source routing attacks (netcat)
- ICMP Redirect messages (ettercap)
- ARP Cache Poisoning (yersinia, ettercap, cain)
- Switch Port Stealing (ettercap)
- Layer2 Mac Flooding* (yersinia, macflood, macof)
- Gratuitous Spanning Tree BPDU Root messages* (yersinia)
Some of these attacks work across the internet, but most of these are limited to the LAN and rely on Layer2. The good news is that many of these attacks can be mitigated with new features deployed in the latest version of Cisco's IOS (12.2 or better). BPDU Guard, DHCP Snooping, DHCP Snooping +Dynamic Arp Inspection , DHCP Snooping + IP Source Guard, ARP Rate Limiting, Mac Address port security, PVLAN Protected, Isolated, Community and Promiscuous ports and 802.1x can all be used to effectively limit many of these attacks. Listener Brian Almond (Infosec Samurai) submitted this PDF on layer two security. Give it a gander! Nice work Brian.
Download Brian Almond's paper here
Other resources
http://isc.sans.org/diary.html?storyid=7567
http://www.ciscopress.com/articles/article.asp?p=1181682
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/dhcp.html
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/dynarp.html
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/bcastsup.html
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/port_sec.html
Mark Baggett is teaching SANS 504 in Raleigh NC June 21st! Click here for more information.
- Killing the Monkey in the Middle
- Meet in the middle
- In the middle of nowhere
- PKU_ACM_2388_Who's in the Middle
- [转]Google in the middle
- Who's in the Middle
- Who's in the Middle
- hdu1157Who's in the Middle
- Man-in-the-middle attack
- Who's in the Middle
- Who's in the Middle
- Who's in the Middle
- Who's in the Middle
- Who's in the Middle
- Who's in the Middle
- hdu1157Who's in the Middle
- Who's in the Middle
- Who's in the Middle
- 揭秘炒房团利益链:为开发商提供民间融资
- 展会项目的总结
- Java中int 和 Integer 的区别
- CS0016: 未能写入输出文件“c:/WINDOWS/Microsoft.NET/***.dll”错误处理
- Tomcat虚拟地址
- Killing the Monkey in the Middle
- Apache Commons工具集简介
- 火狐关于html注释符的bug
- 慌------
- worker process 3577 exited on signal 11模拟
- DWR中Java方法的参数及返回值上篇
- 年度学习计划 (The study plan for next year)
- How to create alarm
- 转帖]汉语与英语的比较