A low-cost embedded IDS to monitor and prevent Man-in-the-Middle attacks on wired LAN environments

A man-in-the-middle (MitM) attack is, in the scope of a LAN, a technique where an attacker is able to redirect all traffic between two hosts of that same LAN for packet sniffing or data manipulation, without the end hosts being aware of it. Usually these attacks exploit security flaws in the implementation of the ARP protocol at hosts. Up to now, detecting such attacks required setting up a machine with special-purpose software for this task. As an additional problem, few intrusion detection systems (IDS) are able to prevent MitM attacks. In this work we present a low-cost embedded IDS which, when plugged into a switch or hub, is able to detect and/or prevent MitM attacks automatically and …