13 April 2018

Man In The Middle attacks

A man-in-the-middle attack is a general concept that can be implemented in many different scenarios rather than one specific attack. In these attacks, a system that is able to view the communication between two systems places itself in the communication path between them. Man-in-the-middle attacks are complex attacks that require successful attacks against IP routing or protocols (such as ARP, DNS, or DHCP), resulting in the misdirection of traffic.

For example, an ARP-based man-in-the-middle attack is achieved when an attacker poisons the ARP caches of two devices with the MAC address of the attacker's NIC. Once the ARP caches have been successfully poisoned, each victim device sends all its packets to the attacker when communicating with the other device. This puts the attacker in the middle of the communication path between the two victim devices and allows the attacker to easily monitor all communication between them. The intent is to intercept and view the information being passed between the two victim devices and potentially to introduce sessions and traffic between them.

The figure below illustrates an ARP-based man-in-the-middle attack. The attacker poisons the ARP caches of hosts A and B so that each host will send all its packets to the attacker when communicating with the other host.

A man-in-the-middle attack can be passive or active. In passive attacks, attackers steal confidential information. In active attacks, attackers modify data in transit or inject data of their own.

ARP cache poisoning attacks often target a host and the host's default gateway. This places the attacker as a man-in-the-middle between the host and all other systems outside the local subnet.
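The poisoning described above leaves a recognizable trace on the wire: the IP addresses of hosts A and B both end up bound to the same MAC address, and each binding changes from its earlier value. The following detection sketch is an added example, not part of the original post; the function name, addresses and sample ARP replies are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) as seen in ARP replies.
# Host A = 10.0.0.10, host B = 10.0.0.20; cc:... is the interposing system.
SAMPLE_ARP_REPLIES = [
    (0.0, "10.0.0.10", "aa:aa:aa:aa:aa:0a"),
    (1.0, "10.0.0.20", "bb:bb:bb:bb:bb:0b"),
    (5.0, "10.0.0.30", "dd:dd:dd:dd:dd:0d"),
    (30.0, "10.0.0.20", "CC:CC:CC:CC:CC:0C"),
    (30.1, "10.0.0.10", "cc:cc:cc:cc:cc:0c"),
    (32.0, "10.0.0.30", "dd:dd:dd:dd:dd:0d"),
]


def find_arp_anomalies(replies):
    """Return (rebinds, shared_macs) for a sequence of ARP reply observations.

    rebinds: list of (time, ip, old_mac, new_mac) where an IP changed MAC.
    shared_macs: {mac: sorted list of IPs} for MACs bound to more than one IP.
    """
    current = {}   # ip -> MAC most recently claimed for it
    rebinds = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()  # MAC notation is case-insensitive
        old = current.get(ip)
        if old is not None and old != mac:
            rebinds.append((ts, ip, old, mac))
        current[ip] = mac

    # Group the final bindings by MAC: one NIC answering for several IPs
    # is the pattern left when two caches are poisoned with the same MAC.
    by_mac = defaultdict(set)
    for ip, mac in current.items():
        by_mac[mac].add(ip)
    shared = {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}
    return rebinds, shared


if __name__ == "__main__":
    rebinds, shared = find_arp_anomalies(SAMPLE_ARP_REPLIES)
    for ts, ip, old, new in rebinds:
        print(f"t={ts}: {ip} moved from {old} to {new}")
    for mac, ips in shared.items():
        print(f"{mac} now answers for {', '.join(ips)}")
```

Both signals also occur legitimately (address reassignment, failover pairs, proxy ARP), so treat a hit as a prompt to compare against known-good bindings rather than as proof.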


Website developed and hosted by Hansole Investments Pvt Ltd Copyright ©: 2018. All Rights Reserved.