Zero conf protocols and their numerous man in the middle (MITM) attacks

Dhia, Farrah; Dacier, Marc
WOOT 2021, 15th IEEE Workshop on Offensive Technologies, 27 May 2021, Colocated with IEEE S&P (Virtual Conference)

Zero conf protocols date from 1999. They provide plug-and-play mechanisms to set up networks without having to configure DNS or DHCP servers. Almost every device (PCs, printers, scanners, etc.) nowadays "speaks" one of these protocols, sometimes without its owner even being aware of it. The booming IoT ecosystem, in particular, relies heavily on them. Unfortunately, these protocols offer a number of different ways to run so-called man in the middle (MITM) attacks. Some previous publications have mentioned, and taken advantage of, one or another of these design flaws. In this paper, we provide a deep dive into the various issues at hand and show the extent of the problem. We consider that the growing reliance of networks on these protocols represents an underestimated and ill-covered threat. We have run a number of experiments (300) to test various implementations and discuss our results. We also propose means to detect these attacks thanks to Zeek (aka Bro). We make the attack code as well as the Zeek scripts available to the research community in a format that makes replication of our results possible for researchers while not being easy to use by script kiddies.

Type: Conference
Date: 2021-05-27
Department: Digital Security
Eurecom Ref: 6536
Copyright:
© 2021 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

PERMALINK : https://www.eurecom.fr/publication/6536