Man in the Middle: Difference between revisions
m No edit summary
(One intermediate revision by the same user not shown)
Line 1: | Line 1: | ||
'''Man in the Middle''' attacks generally allow an attacker to get in the middle of other hosts communication. Any information in between these hosts can be read, blocked or even altered by the attacker. An attacker being in the middle does not necessarily mean he physicly interupted the other hosts connection to put himself in the middle. Other ways to get in the middle of other hosts communication are several [[Spoofing]] techniques, which let hosts in the network ''think'', the attacker is someone else. Dangerous in this context is especially if the attacker lets a host believe he's the gateway. |
'''Man in the Middle''' attacks generally allow an attacker to get in the middle of other hosts communication. Any information in between these hosts can be read, blocked or even altered by the attacker. An attacker being in the middle does not necessarily mean he physicly interupted the other hosts connection to put himself in the middle. Other ways to get in the middle of other hosts communication are several [[Spoofing]] techniques, which let hosts in the network ''think'', the attacker is someone else. Dangerous in this context is especially if the attacker lets a host believe he's the gateway. |
||
Once in the middle of other hosts communication, the attacker can easily intercept encrypted connections, sniff passwords, or inject false data into connections. Tools like [http://ettercap.sourceforge.net/ Ettercap] automate this process, by supporting severel '''Man in the Middle''' attacks (ARP poisoning, Icmp redirect, Port stealing, DHCP spoofing), sniffing techniques and even mechanisms to intercept SSH and HTTPS connections by delivering almost identical copies of |
Once in the middle of other hosts communication, the attacker can easily intercept encrypted connections, sniff passwords, or inject false data into connections. Tools like [http://ettercap.sourceforge.net/ Ettercap] automate this process, by supporting severel '''Man in the Middle''' attacks (ARP poisoning, Icmp redirect, Port stealing, DHCP spoofing), sniffing techniques and even mechanisms to intercept SSH and HTTPS connections by delivering almost identical copies of the original certificates. |
||
The Man in the Middle attack is a very powerful yet common attack pattern, it has therefore attracted the attention of cryptologists. There have been found some defenses but they apply to very specific situations like |
|||
*Chess Grandmaster Attack |
|||
*Syncronized Clocks |
|||
The only really succesful defenses against Man in the Middle Attacks are implemented by defeating the used "technique" like ARP poisoning, Port Stealing etc. |
|||
== Port Stealing == |
|||
Technique to outsmart switches, by sending ethernet frames including the victim MAC address as sender address. The switch will further send packets targeting to that MAC address to the port the attacker is connected to. Again its up to the attacker to forward these packets to the victim, which may be difficult since the switch is confused about what port the victim is located at. The original port mapping has to be retroceded to the switch in order to send packets to the victim. Afterwards the port hast to be stolen again. All this might lead to many lost packets and a notably lost of connection speed. |
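Review bot: In the defenses paragraph, the sentence ending "they apply to very specific situations like" stops without punctuation, and its list includes "Chess Grandmaster Attack", which by its name is an attack rather than a defense. Please state which defense belongs to which situation and close the sentence with a colon. The Ettercap paragraph says the attacker "can easily intercept encrypted connections" while also describing the mechanism as delivering almost identical copies of the original certificates; it should say that this depends on the client accepting a certificate or host key that differs from the original. In the Port Stealing section, "retroceded", "hast" and "a notably lost of connection speed" need rewording (for example "restored", "has", "a noticeable loss of connection speed"), and "physicly", "interupted", "severel", "Syncronized" and "succesful" are misspelled.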
Latest revision as of 12:50, 4 January 2005
Man in the Middle attacks generally allow an attacker to get in the middle of other hosts' communication. Any information passing between these hosts can be read, blocked or even altered by the attacker. Being in the middle does not necessarily mean the attacker physically interrupted the other hosts' connection to insert himself. Other ways to get in the middle of other hosts' communication are several Spoofing techniques, which make hosts in the network think the attacker is someone else. This is especially dangerous if the attacker makes a host believe he is the gateway.
Once in the middle of other hosts' communication, the attacker can easily intercept encrypted connections, sniff passwords, or inject false data into connections. Tools like Ettercap automate this process by supporting several Man in the Middle attacks (ARP poisoning, ICMP redirect, port stealing, DHCP spoofing), sniffing techniques and even mechanisms to intercept SSH and HTTPS connections by delivering almost identical copies of the original certificates.
The Man in the Middle attack is a very powerful yet common attack pattern, and it has therefore attracted the attention of cryptologists. Some defenses have been found, but they apply to very specific situations like
- Chess Grandmaster Attack
- Synchronized Clocks
The only really successful defenses against Man in the Middle attacks are implemented by defeating the technique used, such as ARP poisoning, port stealing, etc.
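Defeating the technique starts with noticing it. The following is an added example, not part of the original article: it flags the two symptoms that ARP poisoning and port stealing leave behind, an IP address (such as the gateway's) claimed by more than one MAC, and a MAC that keeps moving between switch ports. The function names, record formats and sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the article): ARP replies as (seconds, ip, mac)
# and switch MAC-learning events as (seconds, mac, port); documentation addresses.
ARP_REPLIES = [
    (0, "192.0.2.1", "00:00:5e:00:53:01"),   # gateway, legitimate binding
    (1, "192.0.2.20", "00:00:5e:00:53:20"),
    (5, "192.0.2.1", "00:00:5e:00:53:66"),   # gateway IP claimed by another MAC
    (6, "192.0.2.1", "00:00:5e:00:53:01"),
]
MAC_LEARN = [
    (0, "00:00:5e:00:53:20", 3),
    (2, "00:00:5e:00:53:20", 7),             # same MAC appears on another port
    (3, "00:00:5e:00:53:20", 3),
    (4, "00:00:5e:00:53:20", 7),
    (9, "00:00:5e:00:53:01", 1),
]

def arp_conflicts(replies, pinned=None):
    """Return {ip: sorted MACs} for IPs claimed by several MACs or by a MAC
    that differs from a pinned (known-good) binding."""
    pinned = pinned or {}
    seen = defaultdict(set)
    for _, ip, mac in replies:
        seen[ip].add(mac.lower())
    out = {}
    for ip, macs in seen.items():
        expected = pinned.get(ip)
        if len(macs) > 1 or (expected and macs != {expected.lower()}):
            out[ip] = sorted(macs)
    return out

def mac_flaps(events, window=10, min_moves=3):
    """Return {mac: moves} for MACs that changed switch port at least
    min_moves times within any span of `window` seconds."""
    moves = defaultdict(list)                # mac -> timestamps of port changes
    last_port = {}
    for t, mac, port in sorted(events):
        if mac in last_port and last_port[mac] != port:
            moves[mac].append(t)
        last_port[mac] = port
    flagged = {}
    for mac, times in moves.items():
        best = max(sum(1 for u in times if t <= u < t + window) for t in times)
        if best >= min_moves:
            flagged[mac] = best
    return flagged

if __name__ == "__main__":
    print(arp_conflicts(ARP_REPLIES), mac_flaps(MAC_LEARN))
```

Pinning the gateway's binding through the `pinned` argument also catches the case where only the forged reply has been observed.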