See Like a Bat - Using Echo-Analysis to Detect Man-in-the-Middle Attacks in LANs

Explore a groundbreaking approach to detecting Man-in-the-Middle (MitM) attacks in local area networks through a Black Hat conference talk. Discover Vesper, a novel plug-and-play MitM detector that utilizes echo-analysis techniques inspired by acoustic signal processing. Learn how ICMP echo requests can model network host connections, similar to how echoes in a cave capture environmental characteristics. Delve into the importance of MitM detection, various attack types, and the application of impulse response in LANs. Examine Vesper's functionality, including its handling of outliers, multiple intermediaries, and long-haul scenarios. Gain insights into potential adversary interference and the significance of using multiple features for detection. Conclude with an overview of the Vesper tool, its deployment, and a summary of this innovative approach to network security.

Introduction
Why do we care about MAN
Types of MAN attacks
See like a bat
Impulse response
Application to a LAN
ManintheMiddle Attacks
Vesper
Outliers
Evaluation
Multiple Intermediaries
Long Haul
How an adversary can mess with us
Why not just one feature
Results
Vesper tool
Vesper deployment
Summary