Which of the following attacks could be used to initiate a subsequent man-in-the-middle attack?
A.
ARP poisoning
B.
DoS
C.
Replay
D.
Brute force
Explanation:
A replay attack (also known as playback attack) is a form of network attack in which a valid data
transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator
or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by
IP packet substitution (such as stream cipher attack).
For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of
identity, which Alice dutifully provides (possibly after some transformation like a hash function);
meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the
interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends
Alice’s password (or hash) read from the last session, which Bob accepts thus granting access to Eve.
Countermeasures: A way to avoid replay attacks is by using session tokens: Bob sends a one-time token to
Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash
function of the session token appended to the password). On his side Bob performs the same
computation; if and only if both values match, the login is successful. Now suppose Eve has captured thisvalue and tries to use it on another session; Bob sends a different session token, and when Eve replies
with the captured value it will be different from Bob’s computation.
Session tokens should be chosen by a (pseudo-) random process. Otherwise Eve may be able to pose as
Bob, presenting some predicted future token, and convince Alice to use that token in her transformation.
Eve can then replay her reply at a later time (when the previously predicted token is actually presented by
Bob), and Bob will accept the authentication.
One-time passwords are similar to session tokens in that the password expires after it has been used or
after a very short amount of time. They can be used to authenticate individual transactions in addition to
sessions. The technique has been widely implemented in personal online banking systems.
Bob can also send nonces but should then include a message authentication code (MAC), which Alice
should check.
Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a
secure protocol. For example Bob periodically broadcasts the time on his clock together with a MAC.
When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her
message, which is also authenticated. Bob only accepts messages for which the timestamp is within a
reasonable tolerance. The advantage of this scheme is that Bob does not need to generate (pseudo-)
random numbers, with the trade-off being that replay attacks, if they are performed quickly enough i.e.
within that ‘reasonable’ limit, could succeed.
Incorrect Answers:
A: Address Resolution Protocol poisoning (ARP poisoning) is a form of attack in which an attacker changes
the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the target computer’s
ARP cache with a forged ARP request and reply packets. This modifies the layer -Ethernet MAC address
into the hacker’s known MAC address to monitor it. Because the ARP replies are forged, the target
computer unintentionally sends the frames to the hacker’s computer first instead of sending it to the
original destination. As a result, both the user’s data and privacy are compromised. An effective ARP
poisoning attempt is undetectable to the user.
ARP poisoning is also known as ARP cache poisoning or ARP poison routing (APR). ARP poisoning would
not be used to initiate a subsequent man-in-the-middle attack.
B: DoS, short for denial-of-service attack, a type of attack on a network that is designed to bring the
network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and
Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are
software fixes that system administrators can install to limit the damage caused by the attacks. But, likeviruses, new DoS attacks are constantly being dreamed up by hackers. DoS would not be used to initiate a
subsequent man-in-the-middle attack.
D: A brute force attack is a trial-and-error method used to obtain information such as a user password or
personal identification number (PIN). In a brute force attack, automated software is used to generate a
large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used
by criminals to crack encrypted data, or by security analysts to test an organization’s network security.
A brute force attack may also be referred to as brute force cracking.
For example, a form of brute force attack known as a dictionary attack might try all the words in a
dictionary. Other forms of brute force attack might try commonly-used passwords or combinations of
letters and numbers.
An attack of this nature can be time- and resource-consuming. Hence the name “brute force attack;”
success is usually based on computing power and the number of combinations tried rather than an
ingenious algorithm. A brute force attack would not be used to initiate a subsequent man-in-the-middle
attack.http://en.wikipedia.org/wiki/Replay_attack
http://www.techopedia.com/definition/27471/address-resolution-protocol-poisoning-arp-poisoning
http://www.webopedia.com/TERM/D/DoS_attack.html
http://www.techopedia.com/definition/18091/brute-force-attack