About: MAC flooding is a research topic. Over the lifetime, 13 publications have been published within this topic receiving 79 citations. The topic is also known as: media access control attack.
TL;DR: A comparative study has been done with the above-mentioned sniffing attacks and the level of recovery that can be done with each sniffing attack.
Abstract: Generally, malicious users make use of different attacks at different levels to steal different levels of data. Some of the sniffing attacks that can be used in different levels of networking/transmission are Media Access Control (MAC) Flooding, Dynamic Host Configuration Protocol (DHCP) Attacks, DHCP Starvation Attack, Rogue DHCP Server Attack, Address Resolution Protocol (ARP) Spoofing, MAC spoofing and Domain Name Server (DNS) Poisoning. In this paper, a comparative study has been done with the above-mentioned sniffing attacks and the level of recovery that can be done with each sniffing attack.
TL;DR: An SDN-based WLAN monitoring and management framework called RFlow+ is proposed to address WiFi service dissatisfaction caused by the limited view (lack of scalability) of network traffic monitoring and absence of intelligent and timely network treatments and is proved practical by showing the effectiveness of a MAC flooding attacker quarantine in a real-world testbed.
Abstract: In this work, we propose an SDN-based WLAN monitoring and management framework called RFlow+ to address WiFi service dissatisfaction caused by the limited view (lack of scalability) of network traffic monitoring and absence of intelligent and timely network treatments. Existing solutions (e.g., OpenFlow and sFlow) have limited view, no generic flow description, and poor trade-off between measurement accuracy and network overhead depending on the selection of the sampling rate. To resolve these issues, we devise a two-level counting mechanism, namely a distributed local counter (on-site and real-time) and central collector (a summation of local counters). With this, we proposed a highly scalable monitoring and management framework to handle immediate actions based on short-term (e.g., 50 ms) monitoring and eventual actions based on long-term (e.g., 1 month) monitoring. The former uses the local view of each access point (AP), and the latter uses the global view of the collector. Experimental results verify that RFlow+ can achieve high accuracy (less than 5% standard error for short-term and less than 1% for long-term) and fast detection of flows of interest (within 23 ms) with manageable network overhead. We prove the practicality of RFlow+ by showing the effectiveness of a MAC flooding attacker quarantine in a real-world testbed.
TL;DR: This tool is targeted to assist instructors who teach college level network security and computer networks and accurately and realistically shows attacks such as ARP Poisoning, Port Stealing and MAC Flooding.
Abstract: Visualization and animation have been used to aid teaching in many areas of education. In this paper, we present animated visual software that demonstrates network attacks on Local Area Networks. This tool is targeted to assist instructors who teach college level network security and computer networks. We did an extensive survey on various attack methods and studied the technical details of attack techniques. The tool accurately and realistically shows attacks such as ARP Poisoning, Port Stealing and MAC Flooding. We integrated features such as a high degree of user interaction, play and pause, tooltips and quizzes. The tool is implemented using Macromedia Flash 8 because its player is widely used on the web and because of its versatility in creating interactive animations. We demonstrated this tool to students. Compared to students of the previous semester who were taught without this tool, they were more motivated and did better on quiz questions.
TL;DR: This session focuses on the security issues surrounding layer 2, the data-link layer, the soft underbelly of data networking, and design considerations from a security perspective and mitigation techniques for layer 2 attacks.
Abstract: This session focuses on the security issues surrounding layer 2, the data-link layer. With a significant percentage of network attacks originating inside the corporate firewall, exploring this soft underbelly of data networking is critical for any secure network design. Security issues addressed in this session include ARP spoofing, MAC flooding, VLAN hopping, DHCP attacks, and spanning tree protocol concerns. Common myths about Ethernet switch security are confirmed or debunked, and specific security lockdown recommendations are given. Attack mitigation options include the new DHCP snooping and dynamic ARP inspection (DAI) functionality. Attendees can expect to learn layer 2 design considerations from a security perspective and mitigation techniques for layer 2 attacks.
TL;DR: The author has examined scenarios and models for "network storm" attacks, which exploit the vulnerability of the hardware and information technology of attacked components of information telecommunication systems (ITCS).
Abstract: The article is dedicated to the study of "network storm" attacks aimed at disrupting the availability of information and information resources. The author has examined scenarios and models for "network storm" attacks, which exploit the vulnerability of the hardware and information technology of attacked components of information telecommunication systems (ITCS). The first scenario implies exploiting a vulnerability during the switching process - flooding a switch's MAC Table through a massive MAC flooding attack, whereby a malicious user can direct a critical volume of malicious traffic at all the elements of an ITCS being attacked, which will result in a denial-of-service and lead to a disruption of the availability of information and information resources. Carrying out a "network storm" attack according to the second scenario implies exploiting a vulnerability during the routing process - when on the strength of the default settings there is a regular situation of uncertainty between two components of an ITCS, which can be exploited by the malicious user who directs a critical volume of malicious traffic at the elements of the ITCS being attacked, which will also lead to a disruption of the availability of information and information resources.