Zero Conf Protocols and their numerous Man in the Middle (MITM) Attacks

2021 IEEE Security and Privacy Workshops (SPW) (2021)

Abstract
Zero conf protocols date from 1999. They provide plug and play mechanisms to set up networks without having to configure DNS or DHCP servers. Almost every device (PCs, printers, scanners, etc.) nowadays “speaks” one of these protocols, sometimes without its owner even being aware of it. The booming IoT ecosystem, in particular, relies heavily on them. Unfortunately, these protocols offer a number of different ways to run so-called man in the middle (MITM) attacks. Some previous publications have mentioned and taken advantage of one or another of these design flaws. In this paper, we provide a deep dive into the various issues at hand and show the extent of the problem. We consider that the growing reliance of networks on these protocols represents an underestimated and ill-covered threat. We have run a number of experiments (300) to test various implementations and discuss our results. We also propose means to detect these attacks thanks to Zeek (aka Bro). We make the attack code as well as the Zeek scripts available to the research community in a format that makes replication of our results possible by researchers while not easy to use by script kiddies.
Keywords
MITM, LLMNR, zeroconf protocols