Zero Conf Protocols and their numerous Man in the Middle (MITM) Attacks

Dhia Farrah, Marc Dacier

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

Zero conf protocols date from 1999; they provide plug and play mechanisms to set up networks without having to configure DNS or DHCP servers. Almost every device (PCs, printers, scanners, etc.) nowadays 'speaks' one of these protocols, sometimes without its owner being even aware of it; the booming IoT ecosystem, in particular, relies heavily on them. Unfortunately, these protocols offer a number of different ways to run so-called man in the middle (MITM) attacks. Some previous publications have mentioned and have taken advantage of one or another of these design flaws. In this paper, we provide a deep dive into the various issues at hand and show the extent of the problem. We consider that the growing reliance of networks on these protocols represents an underestimated and ill-covered threat. We have run a number of experiments (300) to test various implementations and discuss our results. We also propose means to detect these attacks thanks to Zeek (aka Bro). We make the attack code as well as the Zeek scripts available to the research community in a format that makes replication of our results possible by researchers while not easy to use by script kiddies.
Original language: English (US)
Title of host publication: Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 410-421
Number of pages: 12
ISBN (Print): 9781728189345
State: Published - May 1 2021
Externally published: Yes
