FIPS PUB 191
other pieces of information). Spoofing of LAN traffic involves (1) the ability to receive a message
by masquerading as the legitimate receiving destination, or (2) masquerading as the sending
machine and sending a message to a destination. To masquerade as a receiving machine, the
LAN must be persuaded into believing that the destination address is the legitimate address of
the machine. (Receiving LAN traffic can also be done by listening to messages as they are
broadcast to all nodes.) Masquerading as the sending machine to deceive a receiver into
believing the message was legitimately sent can be done by masquerading the address, or by
means of a playback. A playback involves capturing a session between a sender and receiver,
and then retransmitting that message (either with the header only, and new message contents, or
the whole message). The spoofing of LAN traffic or the modification of LAN traffic can occur
by exploiting the following types of vulnerabilities:
Vulnerabilities
transmitting LAN traffic in plaintext,
lack of a date/time stamp (showing sending time and receiving time),
lack of message authentication code mechanism or digital signature,
lack of real-time verification mechanism (to use against playback).
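The three missing controls listed above (message authentication code, date/time stamp, real-time check against playback) can be combined in one receiver-side check. The following is an added example, not part of FIPS PUB 191; the frame layout, the names, the pre-shared key and the 30-second window are assumptions chosen for illustration.

```python
import hashlib, hmac, os, struct

KEY = b"constructed-demo-key"  # assumption: key shared by both stations out of band
MAX_SKEW = 30                  # assumption: accepted send/receive time difference, seconds
TAG_LEN = 32                   # HMAC-SHA256 output size

def seal(key, sender, payload, now):
    """Sender: header = sender id + send time + random nonce; the MAC covers header and payload."""
    sid = sender.encode()
    body = bytes([len(sid)]) + sid + struct.pack("!Q", now) + os.urandom(16) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> send time, for frames still inside the freshness window

    def accept(self, frame, now):
        """Return (sender, payload); raise ValueError naming the check that failed."""
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad MAC")          # altered address, header or contents
        if len(body) < 25 or len(body) < 25 + body[0]:
            raise ValueError("malformed")
        n = body[0]
        sender = body[1:1 + n].decode()
        (sent,) = struct.unpack("!Q", body[1 + n:9 + n])
        nonce, payload = body[9 + n:25 + n], body[25 + n:]
        if abs(now - sent) > MAX_SKEW:
            raise ValueError("stale")            # date/time stamp check
        # Nonces older than the window can be dropped: such frames already fail as stale.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            raise ValueError("replay")           # real-time check against playback
        self.seen[nonce] = sent
        return sender, payload

def verdict(rx, frame, now):
    """Helper for the demo: 'ok' or the reason the frame was rejected."""
    try:
        rx.accept(frame, now)
        return "ok"
    except ValueError as exc:
        return str(exc)
```

The MAC addresses only modification and address masquerade; confidentiality of the traffic (the plaintext item in the list) would need encryption in addition.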
2.1.7 Disruption of LAN Functions
A LAN is a tool, used by an organization, to share information and transmit it from one location
to another. This need is satisfied by LAN functionalities such as those described in Section 1.4,
LAN Definition. A disruption of functionality occurs when the LAN cannot provide the needed
functionality in an acceptable, timely manner. A disruption can interrupt one type of
functionality or many. A disruption of LAN functionalities can occur by exploiting the following
types of vulnerabilities:
Vulnerabilities
inability to detect unusual traffic patterns (i.e. intentional flooding),
inability to reroute traffic, handle hardware failures, etc.,
configuration of LAN that allows for a single point of failure,
unauthorized changes made to hardware components (reconfiguring addresses on workstations, modifying router or hub configurations, etc.),
improper maintenance of LAN hardware,
improper physical security of LAN hardware.