My Lab

ARP Spoofing: A form of Man-in-the-middle Attack

Many people know that a network is used to transfer information from one point to another. However, many of them don’t know that this very information can be sniffed (eavesdropped on). Man-in-the-middle (MITM) is one attack used to sniff information sent between end-points. As the name implies, the attacker wants to be a third party in what is supposed to be a two-person communication. Let’s make this clear. Suppose Alice and Bob are communicating through a network. Then there is Eve, who wants to know what Alice and Bob are talking about.

Okay, then what? The first thing that Eve has to do is to impersonate both Alice and Bob and put herself “in the middle”. When Alice sends a message to Bob, in reality Alice sends the message to Eve, who impersonates Bob. The same thing happens when Bob sends a message to Alice: Eve receives the message from Bob.

One thing to realize is that neither Alice nor Bob knows that their messages are being intercepted. This is sweet!

Self-Defending Networks

What are Self-defending Networks?

The self-defending network is a new initiative created by Cisco for system security. The idea here is to give the network the ability to defend itself so that threat mitigation can be more effective. As we know, sometimes the admin has to go to a certain website to learn about the latest virus outbreak or threat and then defend his/her network. Remember the cases of Code Red and SQL Slammer, which spread at an exponential rate. Going to a certain forum or website to look for the latest outbreak and then patching the network is simply ineffective. By the time we patch our network, chances are that some local users are already infected. We need a more effective approach to defending our networks.