Towards Understanding Man-on-the-Side Attacks (MotS) in SCADA Networks

Peter Maynard and Kieran McLaughlin
We describe a new class of packet injection attacks called Man-on-the-Side Attacks (MotS), previously only seen where state actors have "compromised" a number of telecommunication companies. MotS injection attacks have not been widely investigated in scientific literature, despite having been discussed by news outlets and security blogs. MotS came to attention after the Edward Snowden revelations, which described large scale pervasive monitoring of the Internet's infrastructure. For an advanced… 
A Survey of Man In The Middle Attacks
This paper extensively reviews the literature on MITM to analyse and categorize the scope of MITM attacks, considering both a reference model, such as the open systems interconnection (OSI) model, and two specific widely used network technologies, i.e., GSM and UMTS.
Off-Path Attacking the Web
We show how an off-path (spoofing-only) attacker can perform cross-site scripting (XSS), cross-site request forgery (CSRF) and site spoofing/defacement attacks, without requiring vulnerabilities in
Detecting TCP/IP Connections via IPID Hash Collisions
A novel attack for detecting the presence of an active TCP connection between a remote Linux server and an arbitrary client machine is presented and it is demonstrated how the attack can be used by the middle onion router in a Tor circuit to test whether a given client is connected to the guard entry node associated with a given circuit.
Detecting Forged TCP Reset Packets
This work develops an efficient injection detector and demonstrates its effectiveness by identifying a range of disruptive activity seen in traces from four different sites, including termination of P2P connections, anti-spam and anti-virus mechanisms, and the finding that China’s “Great Firewall” has multiple components, sometimes apparently operating without coordination.
Towards Understanding Man-in-the-middle Attacks on IEC 60870-5-104 SCADA Networks
This paper investigates cyber attacks on ICS which rely on IEC 60870-5-104 for telecontrol communications, covering modification and injection of commands, and details capture and replay attacks.
Off-Path TCP Injection Attacks
Practical off-path TCP injection attacks for connections between current, nonbuggy browsers and Web servers, exploiting subtle details of the TCP and HTTP specifications, and features of legitimate (and very common) browser implementations are presented.
Website-Targeted False Content Injection by Network Operators
The analysis shows that the main purpose of content injection is to increase the network operators' revenue by inserting advertisements into websites, and it also observed numerous cases of injected malicious content.
Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement
A threat model is developed that describes these attacks on Internet confidentiality that assume an attacker that is interested in undetected, indiscriminate eavesdropping.
Developing a Framework to Improve Critical Infrastructure Cybersecurity (Response to NIST Request for Information Docket No. 130208119-3119-01)
The following two suggestions are offered in an attempt to aid NIST as it develops a national cybersecurity framework (the Framework) to reduce cybersecurity risks throughout the nation.
EN 60870-5-104:2006
Technical report, British Standards Institution, 2006.