Overview
The lecture explains on-path attacks, focusing on how attackers intercept and manipulate communication between network devices using techniques such as ARP poisoning, browser proxy attacks, and wireless evil twins.
On-Path Attacks Explained
- On-path attacks allow an attacker to secretly monitor or alter traffic between two communicating devices.
- Victims are often unaware that their communications are being intercepted.
- Security software on endpoints may not detect on-path attacks.
ARP Poisoning / ARP Spoofing
- ARP poisoning exploits the lack of security in the Address Resolution Protocol (ARP).
- Attackers send fake ARP responses to devices, mapping their own MAC address to another device's IP.
- The victim device updates its ARP cache with the malicious entry, routing its traffic through the attacker's device.
- This allows the attacker to monitor or modify traffic between devices, e.g., between a laptop and a router.
- Attackers often target both endpoints to maintain full visibility of the conversation.
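The cache update described above leaves a detectable trace: an IP address that was bound to one MAC address is suddenly claimed by another. The following Python sketch is an added example, not part of the lecture; it parses raw ARP reply frames and flags such rebinding. The MAC and IP addresses, the constructed capture, and the function names are all assumptions made for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_ETHERTYPE, ARP_REPLY = 0x0806, 2

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    return op, mac, str(IPv4Address(frame[28:32]))

def detect_poisoning(frames):
    """Return (ip, known_mac, claimed_mac) for each reply that rebinds a known IP."""
    # Assumption: the first binding seen is trusted; seed from known-good data in practice.
    bindings, alerts = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue
        _, mac, ip = parsed
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append((ip, known, mac))
    return alerts

def build_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Build the bytes of a sample ARP reply for the detector (never sent anywhere)."""
    smac = bytes.fromhex(src_mac.replace(":", ""))
    dmac = bytes.fromhex(dst_mac.replace(":", ""))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += smac + IPv4Address(src_ip).packed + dmac + IPv4Address(dst_ip).packed
    return dmac + smac + struct.pack("!H", ARP_ETHERTYPE) + arp

# Constructed capture: two genuine replies, then a third host claiming both IPs.
ROUTER, LAPTOP, ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:66"
CAPTURE = [
    build_reply(ROUTER, "192.168.1.1", LAPTOP, "192.168.1.20"),
    build_reply(LAPTOP, "192.168.1.20", ROUTER, "192.168.1.1"),
    build_reply(ROGUE, "192.168.1.1", LAPTOP, "192.168.1.20"),
    build_reply(ROGUE, "192.168.1.20", ROUTER, "192.168.1.1"),
]

if __name__ == "__main__":
    for ip, known, claimed in detect_poisoning(CAPTURE):
        print(f"ALERT {ip}: was {known}, now claimed by {claimed}")
```

Two alerts naming the same new MAC for both the router and the laptop match the pattern of both endpoints being targeted.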
On-Path Browser Attacks
- Attackers install proxy malware on a victim’s browser to intercept web traffic locally.
- The proxy silently collects sensitive data, such as banking credentials, as the user browses.
- These attacks are difficult to detect since everything appears normal to the victim.
Wireless Evil Twin Attacks
- Attackers create rogue wireless access points with names (SSIDs) identical or similar to legitimate ones.
- Users may unknowingly connect to the attacker’s access point, enabling interception or alteration of their communications.
- Such attacks are common in public areas like airports and coffee shops, especially on open Wi-Fi networks.
Defense Strategies
- Always use encrypted communication channels (e.g., HTTPS websites).
- Use Virtual Private Networks (VPNs) when connected to public wireless networks.
Key Terms & Definitions
- On-Path Attack — An attack where the attacker secretly monitors or alters network traffic between two parties.
- ARP Poisoning/Spoofing — Sending fake ARP responses to reroute traffic through an attacker’s device.
- ARP (Address Resolution Protocol) — A protocol for mapping IP addresses to MAC addresses on a local network.
- MAC address (Media Access Control address) — A unique identifier assigned to a device's network interface card (NIC), used to identify devices on a local network.
- Proxy (in browser context) — Software that intercepts and relays web communication on behalf of the user.
- Wireless Evil Twin — A rogue Wi-Fi access point mimicking a legitimate network to intercept user data.
- SSID (Service Set Identifier) — The name of a wireless network.
- VPN (Virtual Private Network) — A service that encrypts network traffic across untrusted networks.
Action Items / Next Steps
- Always connect to websites using HTTPS, especially in public settings.
- Use a VPN when on public or unsecured Wi-Fi networks.