Man in the Middle Attack
From Computing and Software Wiki
Revision as of 15:06, 12 April 2009
Man in the Middle Attacks (sometimes MITM) are attacks where the attacker intercepts communication between two parties, forwarding the communication as if the attacker were not present. The name is derived from the popular game Man in the Middle. It is also referred to as a fire-brigade or bucket brigade attack, after the method for putting out a fire. Lastly, it is referred to as a Janus attack, in reference to the Roman two-headed god of gates.
Generic Example
Alice sends a communication to Bob, which is intercepted by an attacker, and then forwarded on to Bob. Bob then replies to Alice which is also intercepted by the attacker, and then forwarded to Alice.
Specific MITM Attacks
Historically, several different man in the middle attacks have been described. Perhaps the earliest reference was a paper showing the possibility of IP spoofing in BSD Linux.[1] A more recent and famous example is The Mitnick attack, a man in the middle attack that takes advantage of the structure of IP to establish trusted connections.
Another common man in the middle attack is IP Spoofing, where victims have all their web traffic re-routed through the attacker.[2]
Another common attack is DNS Cache Poisoning, an attack where a user's DNS cache is overwritten, directing their requests through the attacker instead of the correct host.[3]
MITM Attack Examples
LAN
- ARP Poisoning
- DNS Spoofing
- STP Mangling
- Port Stealing
Local to Remote
- ARP Poisoning
- DNS Spoofing
- DHCP Spoofing
- ICMP Redirection
- IRDP Spoofing
- Route Mangling
Remote
- DNS Poisoning
- Traffic
- Route Mangling
Wireless
- Access Point Reassociation
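Detection logic for the ARP Poisoning listed under LAN above, as an added example that is not from the original wiki page: it walks a constructed sequence of ARP replies and flags any IP claimed by more than one MAC, and any MAC answering for several IPs. The addresses and the gateway role of 10.0.0.1 are assumptions.

```python
from collections import defaultdict

# Constructed sample of ARP replies as (sender_ip, sender_mac), in the order they
# were seen on the wire. 10.0.0.1 is assumed to be the gateway; bb:...:99 is the
# host that starts claiming addresses it does not own.
SAMPLE_ARP_REPLIES = [
    ("10.0.0.1", "aa:aa:aa:aa:aa:01"),   # gateway, legitimate
    ("10.0.0.20", "aa:aa:aa:aa:aa:20"),  # ordinary host, legitimate
    ("10.0.0.1", "aa:aa:aa:aa:aa:01"),   # gateway again, consistent
    ("10.0.0.1", "BB:BB:BB:BB:BB:99"),   # gateway IP now claimed by a second MAC
    ("10.0.0.20", "bb:bb:bb:bb:bb:99"),  # same MAC also claims the host's IP
]

def find_arp_conflicts(replies, known_bindings=None):
    """Return {ip: [mac, ...]} for every IP claimed by more than one MAC.

    known_bindings optionally seeds the table with static entries (e.g. the
    gateway's real MAC) so the first bad reply is flagged immediately.
    """
    seen = defaultdict(list)
    for ip, mac in (known_bindings or {}).items():
        seen[ip].append(mac.lower())
    for ip, mac in replies:
        mac = mac.lower()          # normalise case before comparing
        if mac not in seen[ip]:
            seen[ip].append(mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}

def find_multi_ip_macs(replies):
    """Return {mac: [ip, ...]} for MACs answering for more than one IP.

    One MAC claiming both the gateway and a host is the pattern of poisoning
    both ends of a conversation; routers with aliases can also do this, so
    treat the result as a lead to check, not proof on its own.
    """
    claimed = defaultdict(list)
    for ip, mac in replies:
        mac = mac.lower()
        if ip not in claimed[mac]:
            claimed[mac].append(ip)
    return {mac: ips for mac, ips in claimed.items() if len(ips) > 1}

if __name__ == "__main__":
    for ip, macs in find_arp_conflicts(SAMPLE_ARP_REPLIES).items():
        print(f"ALERT: {ip} claimed by {len(macs)} MACs: {', '.join(macs)}")
    for mac, ips in find_multi_ip_macs(SAMPLE_ARP_REPLIES).items():
        print(f"NOTE: {mac} answers for {', '.join(ips)}")
```

On a real network the same checks apply to ARP replies captured from the interface, seeded with the gateway's known MAC from a static ARP entry.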
Attacking Tools
Defences
Beyond Computing
See Also
Information Security Topics:
- Piggybacking
- Phishing
- Operating Systems Security
- Information security awareness
- Network stack (dode) - attack patterns on each layer & how to defend it
External Links
References
[1] A Weakness in the 4.2BSD Unix TCP/IP Software, Robert T. Morris, AT&T Bell Laboratories, February 1985
[2] http://www.csl.sri.com/users/ddean/papers/spoofing.pdf
[3] http://www.contentverification.com/man-in-the-middle/
--Heifetj 10:24, 12 April 2009 (EDT)