A Combination of ICMP and ARP for DHCP Malicious Attack Identification

Yaibuates, Mayoon; Chaisricharoen, Roungsan

doi:10.1109/ectidamtncon48261.2020.9090760

Cited by 16 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For example, Girdler et al [23] present an IDPS system that focuses on malicious MAC addresses associated with ARP spoo ing attacks. Yaibuates et al [24] try to identify malicious requests for IP addresses via DHCP, and combine the ICMP and ARP protocols. The paper of Hsu et al [25] suggests a method that uses a range of reverse traceroute data gathered by a remote server to identify the existence of a malicious rogue AP.…”

Section: Malicious Mac Address-related Mechanismsmentioning

confidence: 99%

Automated Wi-Fi intrusion detection tool on 802.11 networks

Dimitris Koutras,

Panos Dimitrellos,

Panayiotis Kotzanikolaou

et al. 2024

ITU J-FET

View full text Add to dashboard Cite

Wi-Fi networks enable user-friendly network connectivity in various environments, ranging from home to enterprise networks. However, vulnerabilities in Wi-Fi implementations may allow nearby adversaries to gain an initial foothold into a network, e.g., in order to attempt further network penetration. In this paper we propose a methodology for the detection of attacks originating from Wi-Fi networks, along with a Wi-Fi Network Intrusion Detection (Wi-Fi-NID) tool, developed to automate the detection of such attacks at 802.11 networks. In particular, Wi-Fi-NID has the ability to detect and trace possible illegal network scanning attacks, which originate from attacks at the Wi-Fi access layer. We extend our initial implementation to increase the efficiency of detection, based on mathematical and statistical function techniques. A penetration testing methodology is defined, in order to discover the environmental security characteristics, related with the current configuration of the devices connected to the 802.11 network. The methodology covers known Wi-Fi attacks such as de-authentication attacks, capturing and cracking WPA-WPA/2 handshake, captive portal and WPA attacks, mostly based on various open source software tools, custom tools, as well as on specialized hardware.

show abstract

Section: Malicious Mac Address-related Mechanismsmentioning

confidence: 99%

Automated Wi-Fi intrusion detection tool on 802.11 networks

Dimitris Koutras,

Panos Dimitrellos,

Panayiotis Kotzanikolaou

et al. 2024

ITU J-FET

View full text Add to dashboard Cite

show abstract

“…Peneliti [16] menggunakan metode deteksi dengan pendekatan berbeda, yaitu dengan memanfaatkan protokol ICMP dan ARP untuk melakukan validasi apakah paket DHCP yang dikirimkan oleh client menuju DHCP server berasal dari client yang sah (legitimate) ataukah dari penyerang (malicious). pada penelitin tersebut digunakan aplikasi simulator Cisco Packet Tracer untuk melakukan simulasi.…”

Section: Tinjauan Pustakaunclassified

“…Peneliti [17] melajutkan penelitian yang telah dilakukan oleh [16] Langkah keenam adalah melakukan analisis terhadap data yang telah dikumpulkan sebelumnya. Secara umum untuk menghitung tingkat akurasi deteksi menggunakan Confusion Matrix [18].…”

Section: Tinjauan Pustakaunclassified

Portable Intrusion Detection and Prevention System for DHCP Starvation Attack in Wireless Network

Bahar

2024

JITET

View full text Add to dashboard Cite

The DHCP service has become highly critical as it plays a pivotal role in the connectivity success of approximately 22.18% of users who access the internet through wireless networks in Indonesia. DHCP services are not exempt from security threats, one of which is a Denial of Service attack known as DHCP starvation, capable of disrupting the availability of DHCP services. A novel technique employed in this attack involves manipulating the ARP protocol when the DHCP server detects IP conflicts within the network. Researchers propose an ARP protocol-based analysis method for detection and prevention, leading to the development of a portable device that serves as an Intrusion Detection and Prevention System (IDPS). This approach aims to not only enhance effectiveness but also improve efficiency. The IDPS application is crafted using the Python, with support from Scapy and Paramiko libraries. The results of detection and prevention show an accuracy rate of 100%.

show abstract

“…Error messages are used to report errors that can occur during data packet delivery. Diagnostics, testing, and other informational purposes are served by informational messages [45], [46], [47], [48], [49], [50], [51]. An attacker can launch different types of ICMP based attacks, including Ping There are some common types of ICMP (Internet Control Message Protocol) based cyber security attacks such as Ping flood attacks [50] and Smurf attacks [40].…”

Section: A Icmp Based Cyber Attacksmentioning

confidence: 99%