Hands-on lab exercises implementation of DoS and MiM attacks using ARP cache poisoning

The field of academic security education today is dominated by defensive techniques. Recently, however, offensive techniques, which were originally developed by hackers, have been gaining widespread approval. Many information security educators believe that teaching offensive methods yields better security professionals than teaching defensive techniques alone. In addition, every course in IT security should be accompanied by a basic discussion of legal implications and ethics. In this paper, we describe a case study of the implementation of comprehensive hands-on lab exercises that are essential to security education. The lab exercises cover how to perform Denial of Service (DoS) and Man-in-the-Middle (MiM) attacks using ARP (Address Resolution Protocol) cache poisoning. The available defense techniques for detecting and preventing malicious ARP cache poisoning activities are also presented. The consequence of offering offensive lab exercises is that overall student performance improved, but a major ethical concern has been identified: the number of malicious ARP packets injected into the university network from the students' laptops increases considerably each time the students experiment with the attacks in an isolated network laboratory environment.
