Individuals and organizations often seek to protect their computer networks and devices from unauthorized intrusions and attacks. For example, an intruder may monitor a computer network without authorization by intercepting network packets. In a more specific example, intruders may not only listen to network traffic, but may also modify and forward network packets. Network administrators and others may call these types of intruders “man in the middle” attackers. A “man in the middle” attacker may infiltrate a network by inserting an additional network node between a source and destination, as discussed further below. The additional network node may intercept a network packet, modify the packet, and forward the modified packet.
“Man in the middle” attacks can be difficult to identify. Manual inspection to identify these attacks may be inefficient, cumbersome, and prone to human error. Moreover, automated security programs may fail to perform sufficient checks to identify “man in the middle” and related attacks. Even if these traditional systems use some methods for identifying the attacks, such traditional systems may not use other methods. Moreover, the traditional systems may not check for attacks according to a desired frequency or schedule. Similarly, these traditional systems may be performed in isolation, thereby preventing others from benefiting from the results of the checks. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for evaluating networks.