Concept of Man-in-the-Middle attack


Viewed 2,178 times

16

Conceptually speaking, what is a "Man in the Middle" attack, more commonly known as a Man-in-the-Middle attack?

  • @Lucasnunes I was thinking of keeping "man-in-the-Middle" in the title, even if "Man in the Middle" had to be taken out, because it is more common for people to look for man-in-the-Middle or MITM than "Man in the Middle". Does anyone else have a suggestion as to what the best title is in this case?

  • I removed it because the title got polluted. But I agree with you, it’s best to leave the most common term to help.

2 answers

10

Generally speaking, it is an attack where all communication between Alice and Bob is intercepted and eventually modified by a hostile agent, "Charlie". Alice and Bob think they’re talking to each other but they’re both talking to Charlie, who passes himself off as the two.

The MITM attack can occur even if Alice and Bob exchange public keys (as in SSL), because Charlie can replace the keys at login.

A defense is to certify the origin of the public keys. In the case of SSL, you have that browser warning when a key is not signed by a known Certification Authority. Charlie would hardly have a signed SSL certificate attached to the correct domain.

Another defense is for Alice and Bob to exchange keys (public or private) by some other secure means before establishing communication. Charlie can intercept the communication but does not know the shared secret beforehand.

5

Technically speaking, you set up your computer's routes to reach the network gateway, which in this case could be your Velox or GVT modem. To send a packet over the network, your computer sends a MAC address to the modem or switch. A "who has" request is made, which asks which MAC has that IP.

An example would be the computer with IP 192.168.0.2, which has MAC X and wants to send a request to the gateway at IP 192.168.0.254 with MAC Y. Once this is done, the network will be asked who has the IP 192.168.0.254, and your modem will reply that it is the one with that IP. This way, you will access the internet normally. Your computer has a table called ARP (Address Resolution Protocol), which stores IPs with their respective MACs. At short intervals, the same question is asked on the network to keep the ARP table up to date. Computers are configured by default to tell the truth, i.e. the computer with IP 192.168.0.3 and MAC Z has been configured to always say that. But I can simply lie to the network: I can say that the IP 192.168.0.254 is at MAC Z. The result is a redirection of network traffic to the machine with IP 192.168.0.3. What this machine will do is let the data continue (FORWARD) to the gateway, and when there is a response, 192.168.0.3 will deliver it to the IP that made the request in the first place.

Remember that the physical equipment that carries the network (switches, modems and hubs) does not know IPs; it only knows MAC addresses.
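The ARP behaviour described in the answer above, seen from the defender's side, as an added example that is not part of the original post: it parses raw ARP payloads and reports any claim that contradicts the first IP-to-MAC binding seen. The MAC values, the function names and the first-seen trust rule are assumptions made for illustration; the sample traffic is constructed.

```python
import struct
from ipaddress import IPv4Address

# ARP payload for Ethernet/IPv4 (RFC 826): htype, ptype, hlen, plen, oper,
# sender MAC, sender IP, target MAC, target IP = 28 bytes.
ARP = struct.Struct("!HHBBH6s4s6s4s")

def build_arp(oper, smac, sip, tmac, tip):
    """Build a constructed ARP payload for the sample data (oper 1=request, 2=reply)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return ARP.pack(1, 0x0800, 6, 4, oper, raw(smac), IPv4Address(sip).packed,
                    raw(tmac), IPv4Address(tip).packed)

def parse_arp(payload):
    """Return (sender_mac, sender_ip), or None if not a well-formed Ethernet/IPv4 ARP payload."""
    if len(payload) < ARP.size:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = ARP.unpack(payload[:ARP.size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    return sha.hex(":"), str(IPv4Address(spa))

def find_conflicts(payloads):
    """Replay ARP payloads; report claims that contradict the first-seen IP-to-MAC binding."""
    ip_to_mac, alerts = {}, []
    for index, payload in enumerate(payloads):
        parsed = parse_arp(payload)
        if parsed is None or parsed[1] == "0.0.0.0":  # skip malformed data and ARP probes
            continue
        mac, ip = parsed
        first = ip_to_mac.setdefault(ip, mac)  # assumption: the first binding seen is trusted
        if first != mac:
            # A MAC that already answers for another IP and now claims this one is a strong signal.
            also = sorted(i for i, m in ip_to_mac.items() if m == mac)
            alerts.append({"index": index, "ip": ip, "expected": first,
                           "claimed": mac, "claimed_mac_also_holds": also})
    return alerts

# Constructed sample: MAC_X, MAC_Y and MAC_Z stand in for the answer's MAC X, Y and Z.
MAC_X, MAC_Y, MAC_Z = "02:00:00:00:00:02", "02:00:00:00:00:fe", "02:00:00:00:00:03"
SAMPLE = [
    build_arp(1, MAC_X, "192.168.0.2", "00:00:00:00:00:00", "192.168.0.254"),  # who has .254?
    build_arp(2, MAC_Y, "192.168.0.254", MAC_X, "192.168.0.2"),                # truthful reply
    build_arp(1, MAC_Z, "192.168.0.3", "00:00:00:00:00:00", "192.168.0.254"),
    build_arp(2, MAC_Z, "192.168.0.254", MAC_X, "192.168.0.2"),                # false claim
    b"\x00\x01",                                                               # truncated data
]

if __name__ == "__main__":
    for alert in find_conflicts(SAMPLE):
        print(alert)
```

A binding can also change for legitimate reasons, such as a replaced router or a reassigned DHCP lease, so an alert is a prompt to verify the gateway's MAC rather than proof of interception.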
