Man in the Middle

From
Jump to navigation Jump to search

Man in the Middle attacks generally allow an attacker to get in the middle of other hosts communication. Any information in between these hosts can be read, blocked or even altered by the attacker. An attacker being in the middle does not necessarily mean he physicly interupted the other hosts connection to put himself in the middle. Other ways to get in the middle of other hosts communication are several Spoofing techniques, which let hosts in the network think, the attacker is someone else. Dangerous in this context is especially if the attacker lets a host believe he's the gateway.

Once in the middle of other hosts communication, the attacker can easily intercept encrypted connections, sniff passwords, or inject false data into connections. Tools like Ettercap automate this process, by supporting severel Man in the Middle attacks (ARP poisoning, Icmp redirect, Port stealing, DHCP spoofing), sniffing techniques and even mechanisms to intercept SSH and HTTPS connections by delivering almost identical copies of original the certificates.


Port Stealing

Technique to outsmart switches, by sending ethernet frames including the victim MAC address as sender address. The switch will further send packets targeting to that MAC address to the port the attacker is connected to. Again its up to the attacker to forward these packets to the victim, which may be difficult since the switch is confused about what port the victim is located at. The original port mapping has to be retroceded to the switch in order to send packets to the victim. Afterwards the port hast to be stolen again. All this might lead to many lost packets and a notably lost of connection speed.

Retrieved from "https://sarwiki.informatik.hu-berlin.de/index.php?title=Man_in_the_Middle&oldid=438"