Stealth and semi-stealth MITM attacks, detection and defense in IPv4 networks

摘要

A Man-In-The-Middle(MITM) attack is one of the most well known attack on the computer networks. Out of the several variations of MITM, Address Resolution Protocol(ARP) Spoofing/Poisoning is widely used in packet interception and on-the-fly manipulation. Traditional MITM attacks by ARP Poisoning expose the attacker's identity and thereby physical location. In this paper, to the best of our knowledge it is for the first time that an MITM attack has been added with stealth capabilities. We propose two new attacks namely Stealth MITM(SMITM) and Semi-Stealth MITM(SSMITM) at the Data Link Layer using ARP Spoofing which add stealth capabilities to MITM attacks, thereby concealing the identity of an attacker. Finally, we give a detection and defense technique for the attacks. All the attacks proposed in the paper have been verified and successfully validated in a 300+ node real production network and test beds which include nodes with latest Linux and Windows operating systems under default and secured network scenarios. The results have been 100% effective and have proved the reproducibility of the proposed attacks.