MITM Attacks

dlofnep · 18-02-2011 04:55PM #1

I wrote a brief paper last year on ARP-based man in the middle attacks if anyone wants a read: http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf - Pretty simple and straight forward step-by-step guide.

h57xiucj2z946q · 18-02-2011 05:49PM

Looks interesting, I will take a read through it.

I have noticed that if I do arp poisoning on my WLAN, the specific target will have very poor network performance, or if targeting the whole network, then the whole network suffers.

Is this a known thing? Is a huge degradation of network performance associated with arp poisoning?

dlofnep · 18-02-2011 06:12PM

It is possible to acheive a DOS through arp-poisoning - I've seen it happen on a few occasions. Most methods involve repeated heavy ARP requests and responses which will require abnormal processing and bandwidth. I can see why it would impact the network performance, although I haven't bench-tested it.

Alternatively, if you are not forwarding packets in the attacker's machine, you will instantly cause a DOS as the packets from the target machine will not be routed.

jakedixon2004 · 22-02-2011 07:17PM

Yes, I too have seen this happen so it must be possible.

pieface_ie · 11-03-2011 07:52PM

Yeah its enough to bring the network down! from broadband to 56k!

Phractal · 27-03-2011 06:49PM

Ok, ARP poisoning attacks/MITM will obv cause network lag, cos all the traffic is now going through YOU on its way to the switch. And if you are not passing the packets, or are poisoning to a non routable address, DoS.

I accidentally hosed a large network segment this way when tring to snarf a SSH login for a router (I wanted to port forward!), but thankfully all was fixed once I flushed the cache...

MITM Attacks

Comments