Version 6 (modified by sunshine, 14 years ago) (diff)

--

An ARP spoofing experiment where the attacker puts himself in between two nodes and then modifies their traffic. There are two classes of experiments that need to be combined:

  1. an experiment where ARP poisoning happens between two nodes by the attacker
  2. an experiment where an attacker changes traffic passing through it

Example 3: ARP poisoning with MITM attack

This example used two metadescriptions. The first was ARP poisoning which is a flavor of cache poisoning, and the other is MITM attack. This example is written in [CurrentlyProposedLanguage].

ARP poisoning metadescription

This is a special case of cache poisoning where the target is ARP cache.

define ARPPoisoning: import cachePoisoning cp

Logical topology:

Objects:

IP extends IPAddress

fakePA := cp.fakeResource, fakePA extends MACAddress

Cache := cp.Cache, Cache := {ARPRecord[] records}

Cardinality:

|IP|1

Relationships:

Timeline of events:

Definitions:

Attacker a, IP ip, fakePA fpa, Cache c

e1 := {type = ARPREPLY, origin = a, destination = c, content = (ip = fpa)}

s1 := {c.records += (ip = fpa)}

Timeline:

e1 -> s1

Invariants: Nothing in addition to the topology and timeline above.

MITM attack metadescription

define MITM:

Logical topology:

Objects:

Attacker, Node1, Node2 extends Node

Cardinality:

|Attacker|1

|Node1|1

|Node2|1

Relationships:

Timeline of events:

Definitions:

Attacker a, Node1 n1, Node2 n2

e1 := {type = MSG, origin = n1, destination = a, content = x}

e2 := {type = MSG, origin = a, destination = n2, content = modify(x)}

e3 := {type = MSG, origin = n2, destination = a, content = y}

e4 := {type = MSG, origin = a, destination = n1, content = modify(y)}

Timeline:

e1 -> e2 and e3 -> e4

Invariants: Nothing in addition to the topology and timeline above.

Experiment design

Now I'm a user who wants to design an experiment. I need to combine two metadescriptions (ARP poisoning and MITM attack) and somehow tie them down to generator choices. To combine I'll do something like this:

define MITMwARP: import ARPPoisoning arp1, ARPPoisoning arp2, MITMAttack mitm

Logical topology:

Objects:

arp1.FakePA := mac(mitm.Attacker)

arp1.IP := ip(mitm.Node2)

arp2.fakePA := mac(mitm.Attacker)

arp2.IP := ip(mitm.Node1)

Cardinality:

Relationships:

collocated(arp1.Cache, mitm.Node1)

collocated(arp2.Cache, mitm.Node2)

Timeline of events:

Definitions:

(timeline(arp1) and timeline(arp2)) -> timeline(mitm)

Timeline:

Invariants: Nothing in addition to the topology and timeline above.