Spoofing attack

About: Spoofing attack is a research topic. Over the lifetime, 5186 publications have been published within this topic receiving 87446 citations. The topic is also known as: spoofing.

An Analysis of Neighbor Discovery Protocol Attacks

Abstract: Neighbor Discovery Protocol (NDP) is a network protocol used in IPv6 networks to manage communication between neighboring devices. NDP is responsible for mapping IPv6 addresses to MAC addresses and discovering the availability of neighboring devices on the network. The main risk of deploying NDP on public networks is the potential for hackers or attackers to launch various types of attacks, such as address spoofing attacks, denial-of-service attacks, and man-in-the-middle attacks. Although Secure Neighbor Discovery (SEND) is implemented to secure NDP, its complexity and cost hinder its widespread deployment. This research emphasizes the potential hazard of deploying IPv6 networks in public spaces, such as airports, without protecting NDP messages. These risks have the potential to crash the entire local network. To demonstrate these risks, the GNS3 testbed environment is used to generate NDP attacks and capture the resulting packets using Wireshark for analysis. The analysis results reveal that with just a few commands, attackers can execute various NDP attacks. This highlights the need to protect against the potential issues that come with deploying IPv6 on widely accessible public networks. In addition, the analysis result shows that NDP attacks have behavior that can be used to define various NDP attacks.

Address resolution protocol spoofing detection method and device

Abstract: The invention discloses an Address resolution protocol spoofing detection method and device, belonging to the technical field of network security. The method comprises the following steps of: listening for ARP messages received in the network layer of the host; detecting whether the IP address of the network interconnection protocol in the ARP message is the same as the IP address of the target gateway, the target gateway being a gateway to which the host computer is connected in the local area network; detecting whether the MAC address in the ARP message is the same as the MAC address in thememory,the MAC address in the memory being the MAC address corresponding to the IP address of the target gateway which is received and saved in the history; when the IP address in the ARP message is the same as the IP address of the destination gateway and the MAC address in the ARP message is different from the MAC address in memory, determining that there is ARP spoofing in the destination gateway. The method solves the problems that ARP spoofing can not be detected until the ARP cache table is read,the detection of ARP spoofing is not real-time enough and the network is still insecure.

Early warning method and device for ARP table entry spoofing attack in local area network

Abstract: The invention provides an early warning method and device for an address resolution protocol (ARP) table entry spoofing attack in a local area network, and belongs to the technical field of network communication. The early warning problem of the ARP table entry spoofing attack in the local area network is solved. The technical points are as follows: S1. monitoring network data; S2. confirming thecredibility of an ARP message; S2.1. when the ARP message is not credible, performing early warning judgment on ARP table entry spoofing; and S2.2. when the ARP message is credible, performing analysis on an ARP message table entry to judge the ARP table entry spoofing. The early warning method and device have the beneficial effects that the ARP table entry spoofing attack can be prevented.

Systems and methods for Unicode homograph anti-spoofing using optical character recognition

Abstract: Systems and methods for Optical Character Recognition (“OCR”) based anti-spoofing for Unicode homograph. The method comprises: performing operations by a computing device to make an OCR identification on an original electronic address so as to obtain an OCR electronic address; encoding (a) the original electronic address to obtain an encoded access address and (b) the OCR electronic address to obtain an encoded OCR electronic address; comparing the encoded access address to the encoded OCR electronic address; and determining if a Unicode homograph spoofing situation exists based on results of the comparing.