Man in the Middle

From
Jump to navigation Jump to search

Man in the Middle attacks generally allow an attacker to get in the middle of other hosts communication. Any information in between these hosts can be read, blocked or even altered by the attacker. An attacker being in the middle does not necessarily mean he physicly interupted the other hosts connection to put himself in the middle. Other ways to get in the middle of other hosts communication are several Spoofing techniques, which let hosts in the network think, the attacker is someone else. Dangerous in this context is especially if the attacker lets a host believe he's the gateway.

Once in the middle of other hosts communication, the attacker can easily intercept encrypted connections, sniff passwords, or inject false data into connections. Tools like Ettercap automate this process, by supporting severel Man in the Middle attacks (ARP poisoning, Icmp redirect, Port stealing, DHCP spoofing), sniffing techniques and even mechanisms to intercept SSH and HTTPS connections by delivering almost identical copies of the original certificates.

The Man in the Middle attack is a very powerful yet common attack pattern, it has therefore attracted the attention of cryptologists. There have been found some defenses but they apply to very specific situations like

  • Chess Grandmaster Attack
  • Syncronized Clocks

The only really succesful defenses against Man in the Middle Attacks are implemented by defeating the used "technique" like ARP poisoning, Port Stealing etc.

Retrieved from "https://sarwiki.informatik.hu-berlin.de/index.php?title=Man_in_the_Middle&oldid=3129"