TY - GEN
T1 - Man in the middle intrusion detection
AU - Trabelsi, Zouheir
AU - Shuaib, Khaled
PY - 2006
Y1 - 2006
N2 - Local Area Network (LAN) security is a critical and mandatory element that network administrators must master. Network security is often thought of as protecting the network from external attacks and intrusions. However, internal attacks can also be as damaging and malicious as external ones. One of the well-known attacks in networking is packet spoofing at the different network layers. This paper discusses how spoofed ARP packets can be used by malicious users to redirect and use the network's traffic to launch an attack against users' hosts. Limitations of current Intrusion Detection Systems (IDSs) in detecting traffic redirection attacks are also discussed. The paper then proposes practical and efficient mechanisms for detecting such malicious attacks in a switched LAN environment. In addition, the effect of the proposed techniques on network performance is shown to be minimal given the gained benefits.
AB - Local Area Network (LAN) security is a critical and mandatory element that network administrators must master. Network security is often thought of as protecting the network from external attacks and intrusions. However, internal attacks can also be as damaging and malicious as external ones. One of the well-known attacks in networking is packet spoofing at the different network layers. This paper discusses how spoofed ARP packets can be used by malicious users to redirect and use the network's traffic to launch an attack against users' hosts. Limitations of current Intrusion Detection Systems (IDSs) in detecting traffic redirection attacks are also discussed. The paper then proposes practical and efficient mechanisms for detecting such malicious attacks in a switched LAN environment. In addition, the effect of the proposed techniques on network performance is shown to be minimal given the gained benefits.
KW - Intrusion detection systems
KW - Man in the middle attacks
KW - Network security
UR - http://www.scopus.com/inward/record.url?scp=50949126007&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=50949126007&partnerID=8YFLogxK
U2 - 10.1109/GLOCOM.2006.282
DO - 10.1109/GLOCOM.2006.282
M3 - Conference contribution
AN - SCOPUS:50949126007
SN - 142440357X
SN - 9781424403578
T3 - GLOBECOM - IEEE Global Telecommunications Conference
BT - IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference
T2 - IEEE GLOBECOM 2006 - 2006 Global Telecommunications Conference
Y2 - 27 November 2006 through 1 December 2006
ER -