Man-in-the-middle attack concept

16

Conceptually speaking, what is a Man-in-the-Middle attack, more commonly known as a man-in-the-middle attack?

asked by anonymous 24.02.2014 / 04:10

2 answers

9
Generally speaking, it's an attack where all communication between Alice and Bob is intercepted and eventually modified by a hostile agent, "Charlie." Alice and Bob think they are talking to each other but they are both talking to Charlie, who pretends to be the two.

The MITM attack can occur even if Alice and Bob exchange public keys (such as SSL) because Charlie can replace the keys at the beginning of the session.

One defense is to certify the source of public keys. In the case of SSL, you get that browser warning when a key is not signed by a known Certification Authority. Charlie would hardly have an SSL certificate signed and bound to the correct domain.

Another defense is for Alice and Bob to exchange keys (public or private) by some other secure means before establishing communication. Charlie can intercept the communication but does not know the secret shared beforehand.

24.02.2014 / 04:36
4

Technically speaking, it happens when your computer's routes are set up to reach the network gateway, which in this case could be your Velox or GVT modem. To send a packet over the network, your computer sends a MAC address to the modem or switch, and a "who has" request is made, which asks which MAC has that IP.

An example would be the computer with IP 192.168.0.2 having MAC X, and wanting to send a request to the gateway IP 192.168.0.254 with MAC Y. It will then ask on the network who has the IP 192.168.0.254, and your modem will respond that it has that IP. This way, you access the internet normally. Your computer has a table called ARP (Address Resolution Protocol), which stores IPs with their particular MACs. At short intervals, the same question is asked on the network to keep the ARP table up to date. Computers are configured by default to tell the truth, that is, the computer with IP 192.168.0.3 and MAC Z has been set to always say exactly that. But I can simply lie to the network: I can say that IP 192.168.0.254 is at MAC Z. This causes network traffic to be redirected to the machine with IP 192.168.0.3. What this machine then does is let the data continue (FORWARD) to the gateway, and when there is a response, 192.168.0.3 delivers it to the IP that made the request in the first place.

Remember that the physical equipment that carries the network (switches, modems and hubs) does not know IPs, only MAC addresses.

25.04.2014 / 19:25
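The passive check a network defender would run against the ARP behaviour described in the answer above, as an added example that is not part of either answer: it watches ARP replies for an IP whose MAC flips, and for one MAC claiming both the gateway and another host. The `<ip> is-at <mac>` log format and the sample replies are constructed assumptions for the example, not the output of any real tool.

```python
from collections import defaultdict
# Constructed sample ARP replies in an assumed "<ip> is-at <mac>" log format
# (not the output of any real tool); the IPs mirror the answer's example.
SAMPLE_ARP_REPLIES = [
    "192.168.0.254 is-at 00:11:22:33:44:55",   # gateway, legitimate MAC "Y"
    "192.168.0.2 is-at 00:aa:bb:cc:dd:01",     # workstation, MAC "X"
    "192.168.0.3 is-at 00:aa:bb:cc:dd:03",     # host with MAC "Z"
    "192.168.0.254 is-at 00:aa:bb:cc:dd:03",   # gateway IP now claimed by MAC "Z"
    "192.168.0.2 is-at 00:aa:bb:cc:dd:03",     # victim IP also claimed by MAC "Z"
]

def parse_reply(line):
    """Return (ip, mac) from an 'ip is-at mac' line, or None if malformed."""
    parts = line.split()
    if len(parts) != 3 or parts[1] != "is-at":
        return None
    return parts[0], parts[2].lower()

def detect_arp_spoofing(lines, gateway_ip):
    """Flag IPs whose MAC flips and MACs that claim more than one IP.

    Returns a dict with:
      'mac_changes':           (ip, old_mac, new_mac) each time an IP's MAC changes
      'multi_ip_macs':         (mac, sorted IPs) for MACs claiming several IPs
      'gateway_impersonation': MACs claiming the gateway plus another host,
                               the pattern of poisoning both sides at once
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    findings = {"mac_changes": [], "multi_ip_macs": [], "gateway_impersonation": []}
    for line in lines:
        parsed = parse_reply(line)
        if parsed is None:
            continue                      # skip malformed log lines
        ip, mac = parsed
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            findings["mac_changes"].append((ip, prev, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            findings["multi_ip_macs"].append((mac, sorted(ips)))
            if gateway_ip in ips:
                findings["gateway_impersonation"].append(mac)
    return findings

if __name__ == "__main__":
    print(detect_arp_spoofing(SAMPLE_ARP_REPLIES, "192.168.0.254"))
```

A single MAC change can also be a legitimate hardware swap or DHCP reassignment, so the gateway-plus-host pattern is the finding to alert on first.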