-3

I'm preparing my bachelor's degree. I have to choose an attack (sniffing, DoS, or MIM attack) and I'm a bit lost. In my project I have to find a solution for how to detect one of these attacks. If you guys could give me your opinion on which is the easiest one to detect, that would be awesome. Thank you.

1 Answer

1

To start off, I would immediately research and acquire a firewall and a packet sniffer. This way you can analyze EACH packet coming into your system with a custom program that would be your project; then you could go a step further and send the right API commands to the firewall to block a specific port or IP address.

DOS (Denial of Service)

This is probably your easiest to detect; it depends on what service you are getting denied. If your internet connection is getting disrupted, a simple ping to a website like Google might be plenty sufficient to tell. A few DOS attacks are from an exploit that will confuse the service to the point of not being usable, which would require a look at the service that is being denied.

MIM (Man in the Middle)

This is probably the hardest to detect. I would suggest reading the answers here: Can I detect a MITM attack? In theory, with SSL and knowing the fingerprint before ever connecting, say from another IP address and route altogether, SSL should be able to warn you fairly well.

Sniffing

This would be tested by seeing if a network card is in promiscuous mode.

Perhaps more information regarding your project and what you are allowed to do in order to detect an attack, i.e. can you use any language you like, any system, and any attacker? This might provide a more focused direct question.

RB4
  • Thank you. Yes, I can use any language, I have to do it on Linux, and I will be the one who launches the attack, so I will know the exact time when the attack happens. I will be doing it on a switch first. For now, I just know that I can detect it if someone is in promiscuous mode, or if he is spoofing, am I right? – soolidsnake Feb 08 '16 at 15:34
  • If you have complete control and want the easiest way, use DOS to detect. If you want a challenge, then go with MIM :) – RB4 Feb 08 '16 at 15:47
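The promiscuous-mode check mentioned under Sniffing in the answer above, written for Linux as an added example that is not part of the original answer or comments. It assumes the kernel exposes each interface's flags as hex in `/sys/class/net/<iface>/flags` and that `IFF_PROMISC` is bit `0x100`; the function names are illustrative, and it only sees interfaces on the host where it runs.

```python
#!/usr/bin/env python3
"""Report local Linux interfaces entering or leaving promiscuous mode."""
import os
import sys
import time

IFF_PROMISC = 0x100  # interface flag bit from <linux/if.h>


def snapshot(sysfs_root="/sys/class/net"):
    """Map each readable interface name to True if IFF_PROMISC is set."""
    state = {}
    try:
        names = os.listdir(sysfs_root)
    except OSError:
        return state
    for name in names:
        try:
            with open(os.path.join(sysfs_root, name, "flags")) as fh:
                flags = int(fh.read().strip(), 16)  # e.g. "0x1103"
        except (OSError, ValueError):
            continue  # not an interface (e.g. bonding_masters) or unreadable
        state[name] = bool(flags & IFF_PROMISC)
    return state


def changes(prev, cur):
    """Return sorted (iface, event) pairs for promiscuous-mode transitions."""
    events = []
    for name, promisc in cur.items():
        was = prev.get(name, False)
        if promisc and not was:
            events.append((name, "entered"))
        elif was and not promisc:
            events.append((name, "left"))
    return sorted(events)


if __name__ == "__main__":
    # Poll interval in seconds (assumed default: 1.0); stop with Ctrl-C.
    interval = float(sys.argv[1]) if len(sys.argv) > 1 else 1.0
    prev = {}
    while True:
        cur = snapshot()
        for name, event in changes(prev, cur):
            print(f"{time.strftime('%H:%M:%S')} {name} {event} promiscuous mode")
        prev = cur
        time.sleep(interval)
```

Because the first pass compares against an empty state, interfaces that are already promiscuous when the script starts are reported as "entered" immediately.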