Man in the Middle Attack

From Computing and Software Wiki

Revision as of 08:54, 6 April 2009 by Heifetj (Talk)
Jump to: navigation, search
Man in the Middle Example

Man in the Middle Attacks (sometimes MITM) are attacks where the attacker intercepts communication between two parties, forwarding the communication as if the attacker were not present. The name is derived from the popular game Man in the Middle. It is also referred to as a fire-brigade or bucket brigade attack based on the method for putting out a fire. Lastly it is referred to as a Janus attack in reference to the roman two-headed god of gates.

Contents

Example Attacks

Historically, several different man in the middle attacks have been described. Perhaps the earliest reference was a paper showing the possibility of IP spoofing in BSD Linux.[1] A more recent and famous example is The Mitnick attack, a man in the middle attack taking advantage of the structure of IP to establish the trusted connections. Another common man in the middle attack is IP spoofing, where victims have all their web traffic re-routed through the attacker.[2]

IP Spoofing Diagram [3]

See Also

Information Security Topics:
- IP Spoofing
- Piggybacking
- Phishing
- Operating Systems Security
- Information security awareness
- Network stack (dode) - attack patterns on each layer & how to defend it

External Links


References

1. A Weakness in the 4.2BSD Unix TCP/IP Software, Robert T. Morris, AT&T Bell Laboratories, February 1985
2. http://www.csl.sri.com/users/ddean/papers/spoofing.pdf
3. http://www.contentverification.com/man-in-the-middle/


--Heifetj 03:17, 6 April 2009 (EDT)

Personal tools