SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Security professionals are not always welcomed by various business units or by the environment as a whole. While the reasons range from distrust of a person outside the group to individual perceptions of information security job functions, the end result is limited or no access to systems and networks. The operational business impact creates a situation in which the information security professional has their proverbial hands tied behind their back. What can a security professional do until the human element is resolved? In this paper, we define hunting as proactively looking for problems in an environment. Poaching is hunting where you have not been given permission or access. The paper discusses various techniques that can be leveraged with limited or no access to hunt for intruders. This is accomplished by analyzing what certain man-in-the-middle attacks look for from victims, simulating the same behavior, and analyzing any responses. We look at wireless Karma attacks, Web Proxy Auto-Discovery (WPAD) attacks, and some general host resolution attacks. We then show that many of them can be detected simply with regular network connectivity and some Python/Scapy code.
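The host-resolution part of the approach described above (behave like a victim, then inspect who answers) can be illustrated with a canary probe: send a multicast name-resolution query for a name that does not exist on the network and treat any host that answers it as an indicator worth investigating. The following is an added example, not code from the paper, and it uses plain Python sockets rather than Scapy so it needs neither Scapy nor root. The LLMNR group address and port are the standard ones; the canary name, the `classify` indicator format and the constructed rogue response are this example's own assumptions.

```python
import random
import socket
import struct

# Standard LLMNR multicast group and port (RFC 4795); the wire format is DNS-like.
LLMNR_GROUP = "224.0.0.252"
LLMNR_PORT = 5355


def encode_name(name):
    """Encode a dotted name as DNS-style length-prefixed labels."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data, offset):
    """Decode a DNS-style name at offset, following compression pointers.

    Returns (name, offset_after_name_in_original_stream)."""
    labels, end, jumps = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2                       # stream resumes after pointer
            offset = pointer
            jumps += 1
            if jumps > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset if end is None else end


def build_query(name, txid):
    """One-question LLMNR query (type A, class IN), flags zero as LLMNR requires."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def parse_response(data):
    """Parse header, question and answer sections of an LLMNR/DNS-format response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        qname, offset = decode_name(data, offset)
        qtype, _qclass = struct.unpack("!HH", data[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype))
    for _ in range(an):
        aname, offset = decode_name(data, offset)
        atype, _aclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        value = socket.inet_ntoa(rdata) if atype == 1 and rdlen == 4 else rdata.hex()
        answers.append((aname, atype, value))
    return {"txid": txid, "flags": flags, "questions": questions, "answers": answers}


def classify(canary, txid, data, responder_ip):
    """Return an indicator dict if this datagram answers our canary query, else None.

    Nothing on the network should legitimately own the canary name, so any A record
    for it is a sign of a responder that answers arbitrary queries."""
    resp = parse_response(data)
    if resp["txid"] != txid or not resp["flags"] & 0x8000:
        return None                                     # not a response to our query
    hits = [a for a in resp["answers"] if a[1] == 1 and a[0].lower() == canary.lower()]
    if not hits:
        return None
    return {"responder": responder_ip, "claimed": [a[2] for a in hits]}


def probe(canary, timeout=2.0):
    """Send the canary query to the LLMNR group and collect indicators (needs a network)."""
    txid = random.randrange(0, 0x10000)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
    sock.settimeout(timeout)
    indicators = []
    try:
        sock.sendto(build_query(canary, txid), (LLMNR_GROUP, LLMNR_PORT))
        while True:
            data, (src_ip, _port) = sock.recvfrom(4096)
            ind = classify(canary, txid, data, src_ip)
            if ind:
                indicators.append(ind)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return indicators


def constructed_rogue_response(txid, canary, ip):
    """Constructed sample of what a responder answering our canary would send back
    (not captured traffic): response flag set, one question, one A answer that uses a
    compression pointer (0xC00C) back to the question name."""
    header = struct.pack("!HHHHHH", txid, 0x8000, 1, 1, 0, 0)
    question = encode_name(canary) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 30, 4) + socket.inet_aton(ip)
    return header + question + answer


if __name__ == "__main__":
    # Random suffix keeps the canary from colliding with a real host name.
    name = "hunt-canary-%04x" % random.randrange(0, 0x10000)
    for ind in probe(name):
        print("unexpected answer for %s from %s -> %s" % (name, ind["responder"], ind["claimed"]))
```

Run it from an ordinary workstation account on the segment being examined; a clean segment returns no indicators, because no host should answer for a name that does not exist. The same probe can be pointed at the `wpad` name to check the auto-discovery case the paper discusses, and the response parser is unchanged for NetBIOS- or mDNS-style responders because only the group address and port differ.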