🌐

Network Attacks Overview

Jul 23, 2025

Overview

This lecture explains on-path (man-in-the-middle) attacks, focusing on ARP poisoning and on-path browser attacks, and how attackers can intercept or modify network communications.

On-Path (Man-in-the-Middle) Attacks

  • An on-path attack places an attacker between two devices to monitor or alter their communications.
  • Victims are often unaware the attack is happening, making the attack invisible.

ARP Poisoning (ARP Spoofing)

  • ARP poisoning targets devices on the same local IP subnet, requiring the attacker to be on the same network.
  • ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses, crucial for local network communication.
  • Attackers send false ARP replies, tricking devices into associating the attacker's MAC address with a legitimate IP (e.g., the router).
  • The victim's ARP cache is updated with the attacker's MAC address, redirecting traffic through the attacker.
  • This allows the attacker to monitor, modify, or block communication between devices (e.g., a laptop and a router).

On-Path Browser Attacks (Man-in-the-Browser)

  • On-path browser attacks use malware or trojans running as proxies on a victim’s device.
  • These attacks can intercept data even if the network traffic is encrypted.
  • The attacker can capture sensitive information like banking credentials while the user interacts normally.
  • Malware can create unauthorized sessions in the background using the stolen credentials.

Key Terms & Definitions

  • On-Path Attack β€” An attack where the attacker intercepts and possibly modifies communications between two parties.
  • Man-in-the-Middle (MITM) β€” Another term for on-path attack.
  • ARP (Address Resolution Protocol) β€” Network protocol for mapping IP addresses to MAC (hardware) addresses within a local network.
  • ARP Poisoning/Spoofing β€” Sending fake ARP messages to trick devices into sending data through the attacker.
  • ARP Cache β€” A temporary storage of IP-to-MAC address mappings.
  • On-Path Browser Attack/Man-in-the-Browser β€” Malware that intercepts web browser traffic on the same device as the victim.

Action Items / Next Steps

  • Review how ARP works and why it is vulnerable to spoofing.
  • Research common methods to defend against ARP poisoning and on-path browser attacks.

Full transcript