HP 635n Practical IPsec Deployment for Printing and Imaging Devices - Page 22

Device-1 Cache B:2 IP Address: A Ethernet Address: 1 Device-2 Cache A:1 IP Address: B Ethernet Address: 2 NEW MAC ADDRESS!!! IP B has Ethernet Address 3 Device-3 Pretends to be Device-1 announcing a new Ethernet Address to Device-2 Also pretends to be Device-2 announcing a new MAC address to Device-1 NEW MAC ADDRESS!!! IP A has Ethernet Address 3 IP Address: C Ethernet Address: 3 Device-1 Cache B:3 IP Address: A Ethernet Address: 1 Device-2 Cache A:3 IP Address: B Ethernet Address: 2 Device-3 IP Address: C Ethernet Address: 3 Device-1 Cache B:3 IP Address: A Ethernet Address: 1 Device-2 Cache A:3 IP Address: B Ethernet Address: 2 Device-3 Copies all information before forwarding the packet on. IP Address: C Ethernet Address: 3 Figure 20 - MITM In Figure 20 we can see how Device-3 modifies the cache by pretending to be both Device-1 and Device-2. Once the cache has been modified, Device-1 sends packets to Device-3's Ethernet Address when the destination IP address is actually for Device-2. Device-2 sends packets to Device-3's Ethernet address when the destination IP address is actually for Device-1. It should be clear that our attacker Jane's laptop is Device-3. When it receives a packet to or from the MFP, it can capture the data and then send the packet back on its proper way. Ettercap has facilities to automate this process making it extremely easy to do. Once done, Wireshark can be used to capture the information. Too Easy: MITM Data Injection As if what we discussed so far isn't enough, there is yet another attack Jane can use to capture data leveraging off of our previous MITM attack. Once Jane is in possession of a packet, let's say a packet from the MFP containing the destination email addresses that the secret document is going to be delivered to, Jane simply adds her email address to the existing email addresses in the protocol 22