ICACT20210126 Question.1
Questioner: wkdgus4788@chungbuk.ac.kr 2021-02-09 ¿ÀÈÄ 2:32:14 |
ICACT20210126 Answer.1
Answer by Auhor k.agordzo@gmail.com 2021-02-09 ¿ÀÈÄ 2:32:14
Chrome  Click!! |
| Can you explain the algorithms for the prevention of the attack in more detail? |
First, enable DHCP snooping after, one needs to configure all trusted ports in the topology (Gateway port Gi0/0). We configure trusted ports so that packets will not be dropped on this interface when the packets sent or received are more than 10 in a second. After, the transfer rate of frames from untrusted Port (Gi0/2 ) is limited to 10 frames per second. These packets sent from this interface can¡¯t exceed 10 in a second else the interface will be shut. Enable Dynamic ARP Inspection in the particular LAN of interest and set Gateway port as a trust for successful communication between the gateway and other hosts. finally, perform DHCP binding so that the IP and mac address of all hosts in the LAN will be found in the DHCP database. Once the setup is done, if frames received from any untrusted port are more than 10 frames then it should be dropped and the port should be shut. Or if the IP address of the untrusted port does not match with the IP address in the database then frames should be dropped and the port shut or if the MAC address of the untrusted port does not match the MAC address in the database then frames dropped and port shut. |
ICACT20210126 Question.2
Questioner: shahram@ieee.org 2021-02-09 ¿ÀÈÄ 2:08:28 |
ICACT20210126 Answer.2
Answer by Auhor k.agordzo@gmail.com 2021-02-09 ¿ÀÈÄ 2:08:28
Chrome Click!! |
| How does your approach prevent SSL-stripping if the MITM attack is conducted based on methods other than ARP-spoofing e.g. fake certifications or DNS manipulation? |
In The approach proposed here, the prevention is done on the switch which is the lower layer of the OSI model. So this approach is not limited to just ARP spoofing but other attacks. In step 6 of the algorithm, there are three conditions, once any of this is met, the interface on which the attack is will be shut. So even if the attack is in the upper layer of the OSI model, in the process of the attack as long as the packets generated in a second, exceeds the number of packets which is considered normal, the interface will be shut. |
ICACT20210126 Question.3
Questioner: dykim6@gmail.com 2021-02-10 ¿ÀÈÄ 2:43:47 |
ICACT20210126 Answer.3
Answer by Auhor k.agordzo@gmail.com 2021-02-10 ¿ÀÈÄ 2:43:47
Chrome Click!! |
| How do you decide a port is 'trusted' or 'untrusted' in the first place? |
We decide a port is trusted when it is not a host. In our case we only trusted the gateway port, all other host ports are configured as not trusted. |
