SEC504: Hacker Tools, Techniques, and Incident Handling

Attacks against layer two, the data link layer, range from Address Resolution Protocol (ARP) cache poisoning for wired clients to de-authentication of wireless clients. Fairly simple to implement, these attacks can often go unnoticed by intrusion analysts since intrusion detection systems typically look at the network layer and above to detect attacks. This paper examines how packet manipulation tools such as Scapy can be used to examine network traffic for data link layer attacks and proactively respond to attacks against the data link layer. To accompany this paper, I will publish a paper about a light set of tools to implement the detection mechanisms.
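To make the ARP case concrete, the following added example (not code from the paper or its tools) watches raw Ethernet frames for two common signs of cache poisoning: an IP address that moves to a different MAC, and an ARP sender address that disagrees with the Ethernet source. It uses only the Python standard library so it runs offline; the frame bytes, addresses and the names `ArpWatch`, `parse_arp` and `make_arp` are constructed for illustration, and in practice the frames would come from a capture tool such as Scapy.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(map(str, b))

def parse_arp(frame):
    """Return (eth_src, op, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return _mac(frame[6:12]), op, _mac(frame[22:28]), _ip(frame[28:32])

class ArpWatch:
    """Tracks IP-to-MAC bindings seen in ARP traffic and reports suspicious changes."""
    def __init__(self):
        self.bindings = {}

    def inspect(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        eth_src, _op, sha, spa = parsed
        alerts = []
        if eth_src != sha:                   # layer-2 source and ARP payload disagree
            alerts.append(f"mismatch: frame from {eth_src} claims sender {sha}")
        known = self.bindings.get(spa)
        if known and known != sha:           # keep the first binding so repeats keep alerting
            alerts.append(f"rebind: {spa} moved {known} -> {sha}")
        else:
            self.bindings[spa] = sha
        return alerts

def make_arp(eth_src, sha, spa, op=2):
    """Build a constructed ARP frame (broadcast destination, zeroed target fields)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    header = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return (b"\xff" * 6 + raw(eth_src) + header + raw(sha)
            + bytes(int(o) for o in spa.split(".")) + b"\x00" * 10)

# Constructed sample: the gateway announces itself, a second host then claims the
# same IP, and finally that host sends a reply carrying the gateway's MAC in the payload.
GW, OTHER = "00:11:22:33:44:55", "de:ad:be:ef:00:01"
SAMPLE = [make_arp(GW, GW, "192.0.2.1"), make_arp(OTHER, OTHER, "192.0.2.1"),
          make_arp(OTHER, GW, "192.0.2.1")]
```

A legitimate address change (DHCP reassignment, a replaced NIC) raises the same rebind alert, so a deployment needs an allowlist or a way to age out old bindings.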