×

You are using an outdated browser Internet Explorer. It does not support some functions of the site.

Recommend that you install one of the following browsers: Firefox, Opera or Chrome.

Contacts:

+7 961 270-60-01
ivdon3@bk.ru

  • The technique of detecting network attacks of "man in the middle" class based on the transit traffic analysis

    The article is devoted to the problem of data protection from interception as a result of the "man in the middle" attacks. The proposed technique for detecting these attacks is based on the analysis of the headers of transit packets passing through the default gateway. Based on the data obtained, a table of correspondence between IP and MAC addresses is constructed, for which software provides up-to-date and reliable information. The addresses of packets passing through the gateway are compared with the records in this table and, in case of a mismatch and impossibility of confirming the correctness of addresses in the headers of the channel and network layers, it is concluded that there is an additional intermediate node in the network that appeared as a result of the default gateway substitution. The article presents approaches to software implementation of this technique, describes the packet analysis algorithm.

    Keywords: local area network, man-in-the-middle, DHCP-spoofing, ARP-poisoning, traffic analysis, gateway, network address, packet, ARP-table