Version 3 (modified by 14 years ago) (diff) | ,
---|
An ARP spoofing experiment where the attacker puts himself in between two nodes and then modifies their traffic. There are two classes of experiments that need to be combined:
- an experiment where ARP poisoning happens between two nodes by the attacker
- an experiment where an attacker changes traffic passing through it
Example 3: ARP poisoning with MITM attack
This example used two metadescriptions. The first was ARP poisoning which is a flavor of cache poisoning, and the other is MITM attack. This example is written in [CurrentlyProposedLanguage].
ARP poisoning metadescription
This is a special case of cache poisoning where the target is ARP cache.
- Logical topology:
Objects:
Attacker extends Node
IP extends IPAddress
fakePA extends MACAddress
Cache extends Object
Cache := {ARPRecord[] records}
Cardinality:
|Attacker|1
|IP|1
|fakePA|1
|Cache|1
Relationships:
not collocated(Cache, Attacker)
- Timeline of events:
Definitions:
Attacker a, IP ip, fakePA fpa, Cache c
e1 := {type = ARPREPLY, origin = a, destination = c, content = (ip = fpa)}
s1 := {c.records += (ip = fpa)}
Timeline:
e1 -> s1
- Invariants: Nothing in addition to the topology and timeline above.
MITM attack metadescription
- Logical topology:
Objects:
Attacker, Node1, Node2 extends Node
Cardinality:
|Attacker|1
|Node1|1
|Node2|1
Relationships:
- Timeline of events:
Definitions:
Attacker a, Node1 n1, Node2 n2
e1 := {type = MSG, origin = n1, destination = a, content = x}
e2 := {type = MSG, origin = a, destination = n2, content = modify(x)}
e3 := {type = MSG, origin = n2, destination = a, content = y}
e4 := {type = MSG, origin = a, destination = n1, content = modify(y)}
Timeline:
e1 -> e2 and e3 -> e4
- Invariants: Nothing in addition to the topology and timeline above.
Experiment design
Now I'm a user who wants to design an experiment. I need to combine two metadescriptions (ARP poisoning and MITM attack) and somehow tie them down to generator choices. To combine I'll do something like this:
ARPPoisoning arp1, ARPPoisoning arp2, MITMAttack mitm
arp1.FakePA = mac(mitm.Attacker)
arp1.IP = ip(mitm.Node2)
collocated(arp1.Cache, mitm.Node1)
arp2.fakePA = mac(mitm.Attacker)
arp2.IP = ip(mitm.Node1)
collocated(arp2.Cache, mitm.Node2)
(arp1 and arp2) -> mitm