Network Security Lecture: On-Path Attacks

1. Introduction to On-Path Attacks

Definition: ARP Poisoning (or ARP Spoofing) is a type of on-path attack occurring within a local subnet.
Requirements: Attacker must be on the same subnet as the victim devices.
Reason: ARP lacks security/encryption, making it vulnerable.

Victim Devices: Laptop (IP: 192.168.1.N, MAC: XY:38:D5) and Router (IP: 192.168.1.1, MAC: BB:FE).
Attacker: IP: 192.168.1.114, MAC: EE:FF.
Attacker sends falsified ARP reply claiming to have Router's IP with Attacker's MAC.
Victim devices update ARP cache with Attacker's MAC.
Results:
- Traffic between laptop and router passes through attacker.
- Attacker can monitor or alter traffic.
- Attacker can disrupt communication.

Also known as Man-in-the-Browser attack.
Involves malware/trojan acting as a proxy on the victim’s device.
Captures traffic before/after it’s sent to the network, bypassing encryption.
Impact:
- Captures sensitive data like usernames, passwords (e.g., bank account info).
- Allows attacker to create sessions and perform unauthorized actions (e.g., transferring money, online shopping).
Visibility: Attack is invisible to the victim as everything appears normal.

On-path attacks can severely compromise network security by intercepting, altering, and monitoring sensitive data.
ARP poisoning attacks target local network vulnerabilities, while on-path browser attacks exploit malware to capture data on the victim's device.

Always ensure networks and devices are properly secured against on-path attacks.
Implement security measures such as encryption, authentication, and continuous monitoring for unusual activities.