In wired networks, Medium Access Control (MAC) spoofing is a well-known and extensively studied class of network security attacks in which an adversary impersonates a legitimate host by falsifying its MAC address. Despite existing defense stan- dards, such attacks remain relevant in contemporary networks. MAC spoofing can enable Man-In-The-Middle (MITM) attacks, allowing an attacker to intercept and inject traffic while posing as the victim whose MAC address has been compromised. Despite its conceptual simplicity, implementing a fully transparent MAC spoofing MITM attack is non-trivial. Existing techniques fail to maintain transparency from the victim’s perspective and may disrupt connectivity. While traffic interception is relatively straightforward, injecting traffic on behalf of the victim without affecting the victim’s normal operation is more challenging. Achieving such transparency typically requires custom code and specialized libraries that may lack portability across platforms or operate in user space rather than kernel space, thereby imposing performance limitations. This demo presents an implementation of a MAC spoofing-based MITM attack that enables transparent interception and injection of packets while impersonating the victim, without requiring custom code. The approach operates entirely in kernel space, leveraging Linux networking names- paces, and ensures complete transparency to both the victim host and its communication endpoint.
Demo. Re-designing MAC spoofing for transparent MITM attacks using linux network namespaces / Spadaccino, P., Servillo, S., Locatelli, P., Cuomo, F.. - (2026), pp. 1894-1895. (INFOCOM 2026 Tokyo; Japan ) [10.1109/infocom59046.2026.11571538].
Demo. Re-designing MAC spoofing for transparent MITM attacks using linux network namespaces
Spadaccino, Pietro
;Servillo, Stefano;Locatelli, Pierluigi;Cuomo, Francesca
2026
Abstract
In wired networks, Medium Access Control (MAC) spoofing is a well-known and extensively studied class of network security attacks in which an adversary impersonates a legitimate host by falsifying its MAC address. Despite existing defense stan- dards, such attacks remain relevant in contemporary networks. MAC spoofing can enable Man-In-The-Middle (MITM) attacks, allowing an attacker to intercept and inject traffic while posing as the victim whose MAC address has been compromised. Despite its conceptual simplicity, implementing a fully transparent MAC spoofing MITM attack is non-trivial. Existing techniques fail to maintain transparency from the victim’s perspective and may disrupt connectivity. While traffic interception is relatively straightforward, injecting traffic on behalf of the victim without affecting the victim’s normal operation is more challenging. Achieving such transparency typically requires custom code and specialized libraries that may lack portability across platforms or operate in user space rather than kernel space, thereby imposing performance limitations. This demo presents an implementation of a MAC spoofing-based MITM attack that enables transparent interception and injection of packets while impersonating the victim, without requiring custom code. The approach operates entirely in kernel space, leveraging Linux networking names- paces, and ensures complete transparency to both the victim host and its communication endpoint.| File | Dimensione | Formato | |
|---|---|---|---|
|
Spadaccino_Demo-re-designing _2026.pdf
solo gestori archivio
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
1.16 MB
Formato
Adobe PDF
|
1.16 MB | Adobe PDF | Contatta l'autore |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.


