If an attacker sends a spoofed packet to a victim, where would the victim's reply be sent?
The victim would think the spoofed packet came from the fake source address, so the victim’s reply would be sent to the fake source address, not the attacker.
On-path vs. Off-path Spoofing
Which type of attacker is more powerful: on-path, off-path, or neither is strictly stronger than the other?
The on-path attacker is strictly stronger. An on-path attacker can do everything an off-path attacker can do, but the on-path attacker has the extra ability to see the victim’s traffic.
DHCP
Which of the four messages in the DHCP handshake are broadcast? Why do we need to broadcast these?
The two messages sent by the client (discover and request) are broadcast, because the client doesn’t have a configuration to send messages with yet.
DHCP Threats
What type(s) of attacker can execute an attack on DHCP, and what type of attacker do they become after successfully executing the attack?
Any attacker who can read the victim’s traffic (on-path or MITM) can execute the attack. After successfully executing the attack, the attacker becomes a MITM.