An article in response to the following scenario.
Suppose Ali and Jim are sending packets to each other over a computer network. Suppose Thomas positions himself in the network so he can capture all packets sent by Ali and send whatever he wants to Jim; he can also capture all the packets sent by Jim and send whatever he wants to Ali. Discuss some of the malicious things Thomas can do from this position.
If Thomas had malicious intent, there are a variety of attacks that he could employ against Ali and Jim.
Packet sniffing is where no data is changed; packets are only intercepted by Thomas for potential harvesting of useful information. It would be a very feasible attack for him to undertake, and “because packet sniffers are passive […] they are difficult to detect” (Kurose and Ross, 2010).
IP Address Spoofing “can be defined as the intentional misrepresentation of the source IP address in an IP Packet in order to conceal the sender of the packet or to impersonate another computing system” (Miyamoto, Hazeyama & Kadobayashi 2011); it is an active attack. It would go beyond Thomas just collecting packets, as he would via packet sniffing. If Thomas employed IP spoofing he would be able to instigate a Denial of Service (DoS) attack against both Ali and Jim, which has the potential to overload their machines with rogue packets. Also, by using IP source spoofing, Thomas could have packets that were meant for Ali or Jim sent to him instead, where he would be able to gain access to the data contained within. It is also possible for Thomas simply to delete the packets, the most basic form of mindless computing vandalism.
Man-in-the-middle attacks (MiTM) – Thomas could create a rogue access point and intercept and gather “information about users (in this case Ali and Jim) who are trying to connect to a legitimate network, before passing their packets onto that network” (Bradbury 2011). This would potentially allow him to garner passwords from them. Another possible MiTM is “Web spoofing, also known as Phishing” (Miyamoto, Hazeyama & Kadobayashi 2011). This would allow Thomas to redirect Jim and Ali’s website requests to a malicious website that would entice them to enter personal details that Thomas could potentially use to commit identity theft. If Ali and Jim were passing packets via mobile phones rather than computers, Thomas might be able to exploit HTTP Request Hijacking (HRH), where Thomas “intercepts the user’s WiFi connection and then inserts a 301 redirect code, which is an HTTP response code that permanently redirects traffic to a different address” (Kerner 2013). This is similar to Web spoofing in that it redirects the unsuspecting user to a malicious website used to garner sensitive data, but has the potential to be a permanent redirect regardless of which network point Ali or Jim connect to.
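A defender-side check for the HRH-style injected redirect described above, added here as an example and not part of the original article or of the papers it cites. It parses constructed plaintext HTTP request/response pairs (all hostnames are made up) and flags a permanent redirect whose Location points to a host other than the one the client asked for; it goes slightly beyond the text by treating 308 (also a permanent redirect) the same way as 301.

```python
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample exchanges as a client or on-path monitor would see them.
# Exchange 1 is the injected redirect case; exchange 2 is a legitimate same-host redirect.
SAMPLE_EXCHANGES: List[Tuple[str, str]] = [
    ("GET /api/feed HTTP/1.1\r\nHost: app.example.com\r\n\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}"),
    ("GET /api/login HTTP/1.1\r\nHost: app.example.com\r\n\r\n",
     "HTTP/1.1 301 Moved Permanently\r\n"
     "Location: http://app.example.com.attacker.invalid/api/login\r\n\r\n"),
    ("GET /old HTTP/1.1\r\nHost: app.example.com:8080\r\n\r\n",
     "HTTP/1.1 301 Moved Permanently\r\nLocation: https://app.example.com/new\r\n\r\n"),
]

PERMANENT_REDIRECTS = (301, 308)


def request_host(request: str) -> Optional[str]:
    """Return the lowercase hostname from the request's Host header (port stripped), or None."""
    for line in request.split("\r\n")[1:]:
        if line.lower().startswith("host:"):
            value = line.split(":", 1)[1].strip()
            return (urlsplit("//" + value).hostname or "").lower() or None
    return None


def parse_response(response: str) -> Tuple[int, Dict[str, str]]:
    """Split a raw HTTP response into (status code, lowercase header dict)."""
    head = response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def suspicious_redirect(request: str, response: str) -> Optional[str]:
    """Return a reason if a permanent redirect sends the client to a foreign host, else None."""
    status, headers = parse_response(response)
    if status not in PERMANENT_REDIRECTS:
        return None
    target = (urlsplit(headers.get("location", "")).hostname or "").lower()
    origin = request_host(request)
    if origin is None:
        return "permanent redirect on a request with no Host header"
    if target and target != origin:  # relative Location (no host) is same-origin, not flagged
        return f"permanent redirect from {origin} to foreign host {target}"
    return None


def scan(exchanges: List[Tuple[str, str]]) -> List[Tuple[int, str]]:
    """Return (index, reason) for each exchange that looks like an injected redirect."""
    findings = []
    for i, (req, resp) in enumerate(exchanges):
        reason = suspicious_redirect(req, resp)
        if reason:
            findings.append((i, reason))
    return findings
```

A client that caches a 301 should apply the same host comparison before storing it, since the cached entry is what makes the hijack persist across networks.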
Kurose, J, Ross, K, & Anand, B 2010, Computer Networking: A Top-Down Approach, 5th edn, Pearson/Addison Wesley.
Kerner, S 2013, ‘HTTP Request Hijacking Flaw Leaves Mobile Users at Risk’, Eweek, p. 9, Business Source Complete, EBSCOhost, viewed 18 May 2014.
Miyamoto, D, Hazeyama, H, & Kadobayashi, Y 2011, ‘3-3 Studies on countermeasures for thwarting spoofing attacks – Cases of IP address spoofing and Web spoofing’, Journal of the National Institute of Information and Communications Technology, vol. 58, no. 3-4, pp. 99-111, Scopus®, EBSCOhost, viewed 18 May 2014.
Bradbury, D 2011, ‘Hacking wifi the easy way’, Network Security, vol. 2011, no. 2, pp. 9-12, Business Source Complete, EBSCOhost, viewed 18 May 2014.