Toward Automated MAC Spoofer Investigations

Published: 03 August 2014 Publication History

Abstract

We automate live and dead forensic evidence gathering for MAC spoofer investigations and formalize its encoding in Forensic Lucid for subsequent reasoning. The monitoring covers a Faculty's network focusing on 1000 analyst-managed clients. We describe initial operational deployment of the MAC Spoofer Analyzer's evidence gathering components. We also highlight immediate and future concerns regarding the automation of the reasoning aspects behind the analyzer to aid network system administrators in their daily network security monitoring, management, and maintenance activities.

Published In

C3S2E '14: Proceedings of the 2014 International C* Conference on Computer Science & Software Engineering
August 2014
201 pages
ISBN: 9781450327121
DOI: 10.1145/2641483

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. Forensic Lucid
2. MAC spoofing
3. automated investigations
4. formal methods
