Man-in-the-middle is one of the most popular types of attack. It can be used to sniff victims' credentials to penetrate their system. Research the following attacks to find methods to prevent this from happening:
MAC spoofing
DNS poisoning
DNS spoofing
ICMP redirect
MAC spoofing is the process of masking (changing) the MAC address by a malicious party to impersonate another device. The main reason behind this is that the MAC address is not encrypted. Thus, to prevent MAC spoofing, we have to hide the MAC address. We can do this in any one or more of the following ways:
(1) Encryption of the MAC address
(2) MAC address randomization, i.e. the devices are given random MAC addresses which keep rotating among devices. Thus it will become hard to track the new MAC address each time.
(3) Generate a new MAC address for each device each time it makes a connection.
DNS Cache poisoning
DNS cache poisoning is a type of attack in which corrupt data is inserted into the cache database of a DNS name server. A malicious party sends false IP addresses (which are controlled by the attacker) for requested domain names. This false IP address then gets cached by the real DNS server and thus makes it poisonous. We can do the following to prevent it:
(1) Rely as little as possible on trust relationships with other DNS servers.
(2) It happens due to vulnerable DNS software. Hence the most recent versions of DNS servers should be used.
(3) Use cache poisoning prevention tools like DNSSEC (Domain Name System Security Extensions)
DNS spoofing
In a DNS server spoofing attack, a malicious party modifies the DNS server to reroute a specific domain name to a different IP address. The new IP address is actually a server controlled by the attacker that contains infected files, which are used to spread viruses. We can do the following to prevent DNS spoofing:
(1) Packet filtering: Inspect packets transmitted in the network
(2) Try our best to keep the address resolver private and protected. It should not be open to external users.
(3) Randomizing the query ID
(4) Manage our DNS servers securely by hosting them ourselves, rather than getting them hosted by a service provider.
ICMP redirect
Routers use ICMP redirect messages to the host to inform it of more direct routes to the destination when they use a non-optimal or defunct route. If the attacker is able to forge these ICMP redirect packets, he can send illicit ICMP redirect messages, which could result in a man-in-the-middle attack, or he can alter the routing tables on the host and divert the traffic. The best way to prevent such attacks is to:
(1) Disable ICMP redirect acceptance
(2) Stop or minimise sending ICMP messages.
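
The query ID check behind item (3) of the DNS spoofing list, as an added example that is not part of the original answer: the client draws the 16-bit ID from a CSPRNG and drops any reply whose ID or question does not match what it sent. All function names are hypothetical, and `sample_reply` only builds constructed test data.

```python
import secrets
import struct

def encode_name(name):
    """Encode a domain name as DNS labels (length byte + label, zero-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=1):
    """Return (query_id, packet) for a recursive query with an unpredictable ID."""
    qid = secrets.randbits(16)  # CSPRNG, never a counter or a time-seeded PRNG
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return qid, header + encode_name(name) + struct.pack("!HH", qtype, 1)

def read_question(packet):
    """Parse the first question as (lowercased name, qtype, qclass)."""
    pos, labels = 12, []
    while packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0:
            raise ValueError("compressed name in question section")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, qclass

def accept_response(packet, expected_id, sent_query):
    """Accept a reply only if it is a response carrying our ID and our question."""
    if len(packet) < 12:
        return False
    rid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if rid != expected_id or not flags & 0x8000 or qdcount != 1:
        return False
    try:
        return read_question(packet) == read_question(sent_query)
    except (ValueError, IndexError, struct.error):
        return False  # truncated or malformed question: treat as untrusted

def sample_reply(query, qid):
    """Constructed test reply: the query's question with QR/RD/RA set and a chosen ID."""
    return struct.pack("!HH", qid, 0x8180) + query[4:]
```

Production resolvers also randomise the UDP source port, since 16 bits of ID alone can be guessed.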