Changes between Version 1 and Version 2 of MitmExample


Timestamp:
Nov 4, 2010 5:29:20 PM (13 years ago)
Author:
sunshine
Comment:

  • MitmExample

    v1 v2  
    66== Example 3: ARP poisoning with MITM attack ==
    77
    8 This example used two metadescriptions. The first was ARP poisoning which is a flavor of cache poisoning, and the other is MITM attack.
     8This example used two metadescriptions. The first was ARP poisoning which is a flavor of cache poisoning, and the other is MITM attack. This example is written in [CurrentlyProposedLanguage].
    99
    1010
    1111=== ARP poisoning metadescription ===
    1212
    13   This is a special case of cache poisoning where the target is ARP cache. I've highlighted customizations from the general cache poisoning metadescriptions to arrive at this one.
     13  This is a special case of cache poisoning where the target is ARP cache.
    1414
    15 Dimensions:
    1615 * '''Logical topology:'''
    17    [[Image(arpcpobj.jpg)]]
    1816
    19    (in English: There is one attacker node. There is a fakeIP of type IPaddress. A cache is simply a collection of ARPRecord items, one or more. These are  subtypes of Info and in the domain knowledge DB there's syntax defined for an ARPRecord. Cache does not reside at the attacker.)
     17    '''Objects:'''
     18
     19      Attacker extends Node
     20 
     21      IP extends IPAddress
     22
     23      fakePA extends MACAddress
     24
     25      Cache extends Object
     26
     27      Cache := {ARPRecord[] records}
     28
     29    '''Cardinality:'''
     30
     31      |Attacker|,,1,,
     32
     33      |IP|,,1,,
     34
     35      |fakePA|,,1,,
     36
     37      |Cache|,,1,,
     38
     39    '''Relationships:'''
     40     
     41      not collocated(Cache, Attacker)
    2042
    2143
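Review bot: In the new Objects block, `Cache := {ARPRecord[] records}` (v2 line 27) uses ARPRecord without declaring it. The removed English gloss said ARPRecord items are subtypes of Info with syntax defined in the domain knowledge DB, and that a cache holds one or more of them; neither fact survives in v2. Suggest declaring it under Objects in the same style as the other entries (for example `ARPRecord extends Info`) and stating the "one or more" bound under Cardinality. The object naming also changed from a fakeIP of type IPaddress (v1) to `IP` plus a new `fakePA`; a one-line gloss for each would make clear which value is the spoofed one.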
    2244 * '''Timeline of events: '''
    2345
    24   [[Image(arpwf.jpg, 50%)]]
     46  '''Definitions:'''
    2547
    26    (in English: Attacker sends the ARP reply with mapping of an ARP address to somebody's IP. This really could be anybody's ARP address but in most cases it is the attacker's.)
     48    Attacker a, IP ip, fakePA fpa, Cache c
     49
     50      e1 := {type = ARPREPLY, origin = a, destination = c, content = (ip = fpa)}
     51
     52      s1 := {c.records += (ip = fpa)}
     53
     54  '''Timeline:'''
     55
     56      e1 -> s1
     57 
     58
    2759
    2860 * '''Invariants:'''
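Review bot: In the Timeline definitions (v2 lines 48-52), `content = (ip = fpa)` and `c.records += (ip = fpa)` use `=` both for field assignment and for the IP-to-MAC mapping, so the inner expression reads as an equality test between an IP and a MAC address. Suggest a distinct mapping notation for the record. The removed English remark that the mapped address could be anybody's but in most cases is the attacker's should also be kept in some form, since nothing in the formal version relates `fpa` to the attacker `a`. Separately, e1 has `destination = c` although Cache extends Object rather than Node; if events are delivered to nodes, the node hosting the cache should be named as the destination.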