Com 411 Assignment 2

Uploaded by Samuel Zulu

CAVENDISH UNIVERSITY ZAMBIA

ASSIGNMENT BRIEF AND FEEDBACK FORM

STUDENT NUMBER: 088-585


SEMESTER: ONE

YEAR: 4

LECTURER:

SUBJECT: NETWORK SECURITY AND CRYPTOLOGY

ASSIGNMENT NO. 1

DATE HANDED OUT: 10th AUGUST, 2024

DATE DUE IN: 12th OCTOBER, 2024

COM 411 ANSWER FOR QUESTION 6 ATTACK SIMULATION

1. Introduction

A Man-in-the-Middle (MITM) attack is a type of cyberattack in which an attacker secretly
intercepts and relays communication between two parties who believe they are communicating
directly with each other. This allows the attacker to eavesdrop on the communication,
modify the data, or even inject malicious content.

This report simulates an MITM attack using Kali Linux and demonstrates defense strategies
against it, emphasizing the importance of network security protocols.

2. Tools Used

- Kali Linux: A penetration testing Linux distribution with various pre-installed security tools.
- Wireshark: A packet analyzer tool used to capture and analyze network traffic.
- Ettercap: A comprehensive suite for MITM attacks on LAN, allowing interception of traffic,
sniffing, and injection.
- ARP Spoofing: A technique used to poison the ARP cache of a victim, tricking it into sending
traffic through the attacker.

3. MITM Attack Simulation Steps

Step 1: Network Scanning

Use Nmap on Kali Linux to scan the local network and identify active devices (targets) for the
MITM attack.
nmap -sn 192.168.1.0/24

Step 2: ARP Spoofing

We use Ettercap to perform ARP spoofing, which tricks the victim’s machine into sending all its
traffic through the attacker’s machine.
ettercap -T -q -i eth0 -M arp:remote /192.168.1.10/ /192.168.1.1/

Here, the attacker poisons the ARP cache of the victim (IP `192.168.1.10`), convincing it that the
attacker's machine is the gateway.

Step 3: Capturing Traffic

Using Wireshark, we capture and analyze the intercepted traffic from the victim’s machine.
Sensitive information, such as HTTP requests, can be viewed in clear text, including login
credentials if the connection is not encrypted.

Step 4: Traffic Injection

The attacker injects malicious content into the victim's data stream, for example by replacing
an HTTP web page with a phishing page that captures credentials.

4. Defense Mechanisms Against MITM Attacks

a. Use HTTPS for Encryption

- Defense: HTTPS encrypts traffic between the client and server, preventing attackers from
reading sensitive data even if they manage to intercept it.

- Explanation: In our simulation, the attack would be ineffective if the victim were browsing
over an HTTPS connection, as all intercepted data would be encrypted.

b. Implement ARP Spoofing Detection

- Defense: Tools such as Arpwatch monitor ARP traffic on the network and detect
anomalies such as duplicate IPs or MAC address changes, alerting network administrators to
possible spoofing.
- Explanation: Detecting ARP spoofing promptly lets administrators stop the redirection of
traffic to the attacker, mitigating the MITM attack.
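An Arpwatch-style detector, added here as an illustration; it is not part of the original report nor Arpwatch's own code. It parses raw ARP reply payloads, keeps an IP-to-MAC table and alerts on the two indicators named above: a MAC change for a known IP, and one MAC answering for several IPs (the pattern an ARP-spoofing MITM leaves behind). The frames, MAC addresses and helper names are constructed for the example; the 192.168.1.x addresses follow the scenario in Step 2.

```python
"""Arpwatch-style ARP spoofing detector (added example, not the report's code).

Parses the 28-byte Ethernet/IPv4 ARP payload, keeps an IP -> MAC table from the
replies it sees, and alerts when an IP changes MAC or when one MAC claims several
IPs. The ARP frames at the bottom are constructed sample data, not a real capture.
"""
from __future__ import annotations

import struct
from dataclasses import dataclass, field

ARP_REPLY = 2          # ARP opcode for "reply"
ARP_HDR = "!HHBBH"     # hw type, proto type, hw len, proto len, opcode


@dataclass
class ArpReply:
    ts: float           # capture time in seconds
    sender_ip: str      # address the reply claims to own
    sender_mac: str     # hardware address claiming it


def parse_arp(payload: bytes, ts: float = 0.0) -> ArpReply | None:
    """Return an ArpReply for an Ethernet/IPv4 ARP reply payload, else None."""
    if len(payload) < 28:
        return None
    hw_type, proto_type, hw_len, proto_len, opcode = struct.unpack(ARP_HDR, payload[:8])
    if (hw_type, proto_type, hw_len, proto_len) != (1, 0x0800, 6, 4):
        return None                      # not Ethernet/IPv4 ARP
    if opcode != ARP_REPLY:
        return None                      # requests carry no ownership claim
    mac = ":".join(f"{b:02x}" for b in payload[8:14])
    ip = ".".join(str(b) for b in payload[14:18])
    return ArpReply(ts, ip, mac)


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Build a 28-byte ARP reply payload (used here only to construct sample data)."""
    def mac(s: str) -> bytes:
        return bytes(int(x, 16) for x in s.split(":"))

    def ip(s: str) -> bytes:
        return bytes(int(x) for x in s.split("."))

    return (struct.pack(ARP_HDR, 1, 0x0800, 6, 4, ARP_REPLY)
            + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))


@dataclass
class ArpMonitor:
    ip_to_mac: dict[str, str] = field(default_factory=dict)
    mac_to_ips: dict[str, set[str]] = field(default_factory=dict)

    def observe(self, r: ArpReply) -> list[str]:
        """Update the tables with one reply and return any alerts it triggers."""
        alerts: list[str] = []
        mac = r.sender_mac.lower()
        known = self.ip_to_mac.get(r.sender_ip)
        if known is not None and known != mac:
            alerts.append(f"t={r.ts:.1f}s MAC change for {r.sender_ip}: {known} -> {mac}")
        self.ip_to_mac[r.sender_ip] = mac
        ips = self.mac_to_ips.setdefault(mac, set())
        ips.add(r.sender_ip)
        if len(ips) > 1:
            alerts.append(f"t={r.ts:.1f}s MAC {mac} claims {sorted(ips)}")
        return alerts


def scan_frames(frames: list[tuple[float, bytes]]) -> list[str]:
    """Run the monitor over (timestamp, ARP payload) pairs and collect all alerts."""
    mon = ArpMonitor()
    alerts: list[str] = []
    for ts, payload in frames:
        reply = parse_arp(payload, ts)
        if reply is not None:
            alerts.extend(mon.observe(reply))
    return alerts


# Constructed sample: the gateway 192.168.1.1 and host 192.168.1.10 answer
# normally, then a third MAC starts answering for both of them. The addresses
# match the report's scenario; the MACs are made up.
GATEWAY_MAC, VICTIM_MAC, ROGUE_MAC = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:10", "de:ad:be:ef:00:99"
SAMPLE_FRAMES = [
    (0.0, build_arp_reply(GATEWAY_MAC, "192.168.1.1", VICTIM_MAC, "192.168.1.10")),
    (0.5, build_arp_reply(VICTIM_MAC, "192.168.1.10", GATEWAY_MAC, "192.168.1.1")),
    (12.0, build_arp_reply(ROGUE_MAC, "192.168.1.1", VICTIM_MAC, "192.168.1.10")),
    (12.1, build_arp_reply(ROGUE_MAC, "192.168.1.10", GATEWAY_MAC, "192.168.1.1")),
]

if __name__ == "__main__":
    for line in scan_frames(SAMPLE_FRAMES):
        print("ALERT", line)
```

Run as a script it prints the three alerts the constructed capture triggers: one MAC change for the gateway, one for the host, and one MAC claiming both addresses. Legitimate events such as a replaced network card, a DHCP reassignment or a router that legitimately holds several addresses trip the same heuristics, so in practice such alerts are checked against a known-good inventory of address pairings before anyone acts on them.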

c. Network Segmentation

- Defense: Segmenting the network limits the attacker's ability to intercept traffic between
different segments.
- Explanation: By dividing the network into smaller segments and using VLANs, attackers
would have a limited scope for launching MITM attacks.

d. Strong Authentication and Encryption

- Defense: Use strong, multi-factor authentication (MFA) and ensure that sensitive
communications are encrypted with protocols like IPsec or TLS.
- Explanation: Even if an attacker successfully intercepts data, encryption and MFA provide
additional layers of security.

5. Importance of Network Security Protocols

Network security protocols play a critical role in defending against MITM and other types of
cyberattacks:
- Transport Layer Security (TLS): Encrypts data, ensuring that intercepted communications
remain confidential and tamper-proof.
- IPsec: Provides encrypted and authenticated communication at the IP layer, preventing
attackers from altering or reading the data packets.
- DNSSEC: Ensures that DNS queries and responses are authenticated, protecting against DNS
spoofing attacks that can be used to redirect traffic in an MITM attack.

- 802.1X Authentication: Ensures that only authorized devices can connect to the network,
preventing unauthorized devices from launching ARP spoofing or other network-level attacks.

6. Conclusion

In this simulation, we demonstrated how an attacker can launch a Man-in-the-Middle attack
using ARP spoofing to intercept and manipulate network traffic. However, with proper defenses,
including encrypted communications, network segmentation, and ARP spoofing detection tools,
such attacks can be effectively mitigated. This underscores the importance of strong network
security protocols in safeguarding against advanced cyber threats.

