Towards Understanding Man-on-the-Side Attacks (MotS) in SCADA Networks

Authors: Peter Maynard and Kieran McLaughlin
We describe a new class of packet injection attacks called Man-on-the-Side Attacks (MotS), previously only seen where state actors have "compromised" a number of telecommunication companies. MotS injection attacks have not been widely investigated in scientific literature, despite having been discussed by news outlets and security blogs. MotS came to attention after the Edward Snowden revelations, which described large scale pervasive monitoring of the Internet's infrastructure. For an advanced…


A Survey of Man In The Middle Attacks
This paper extensively reviews the literature on MITM to analyse and categorize the scope of MITM attacks, considering both a reference model, such as the open systems interconnection (OSI) model, and two specific widely used network technologies, i.e., GSM and UMTS.
Off-Path Attacking the Web
We show how an off-path (spoofing-only) attacker can perform cross-site scripting (XSS), cross-site request forgery (CSRF) and site spoofing/defacement attacks, without requiring vulnerabilities in…
Detecting TCP/IP Connections via IPID Hash Collisions
A novel attack for detecting the presence of an active TCP connection between a remote Linux server and an arbitrary client machine is presented, and it is demonstrated how the attack can be used by the middle onion router in a Tor circuit to test whether a given client is connected to the guard entry node associated with a given circuit.
On the Significance of Process Comprehension for Conducting Targeted ICS Attacks
Through use of a testbed environment, this paper provides two practical examples based on a Man-In-The-Middle scenario, demonstrating the types of information an attacker would need to obtain, collate, and comprehend in order to begin targeted process manipulation and detection avoidance.
Detecting Forged TCP Reset Packets
This work develops an efficient injection detector and demonstrates its effectiveness by identifying a range of disruptive activity seen in traces from four different sites, including termination of P2P connections, anti-spam and anti-virus mechanisms, and the finding that China's "Great Firewall" has multiple components, sometimes apparently operating without coordination.
Towards Understanding Man-in-the-middle Attacks on IEC 60870-5-104 SCADA Networks
This paper investigates cyber attacks on ICS which rely on IEC 60870-5-104 for telecontrol communications, covering modification and injection of commands, and details capture and replay attacks.
Off-Path TCP Injection Attacks
Practical off-path TCP injection attacks for connections between current, non-buggy browsers and Web servers are presented, exploiting subtle details of the TCP and HTTP specifications and features of legitimate (and very common) browser implementations.
Website-Targeted False Content Injection by Network Operators
The analysis shows that the main purpose of content injection is to increase the network operators' revenue by inserting advertisements into websites; the analysis also observed numerous cases of injected malicious content.
An Analysis of China's "Great Cannon"
On March 16th, 2015, the Chinese censorship apparatus employed a new tool, the "Great Cannon", to engineer a denial-of-service attack on, an organization dedicated to resisting China's…
Implementing Zero Trust Cloud Networks with Transport Access Control and First Packet Authentication
A novel network architecture is discussed which enables an explicit zero trust approach, based on a steganographic overlay which embeds authentication tokens in the TCP packet request, and first-packet authentication.