A man-in-the-middle attack is a security attack in which the attacker intercepts, and may modify, data transmitted between two users while pretending to be the other party to each of them.
How this attack takes place:
In this type of attack the attacker intercepts the messages of a public key exchange and retransmits them, substituting his own public key for the requested one, so that the two original users still appear to be communicating with each other.
An example will make it clearer. Suppose there are two parties, Alice and Bob, and the attacker is Trudy. The attack can take place in the following way.
Step 1: Alice says "I am Alice." Trudy captures this message and passes it to Bob, pretending that it comes from Alice.
Step 2: Bob sends a nonce R, thinking that he is sending it to Alice. Trudy captures R, keeps a copy for herself and forwards it to Alice.
Step 3: Alice encrypts R with her private key and sends it back to Bob, but Trudy captures this, encrypts R with her own private key and sends that to Bob.
Step 4: Bob receives this R and believes it is from Alice, so he requests Alice's public key; Trudy intercepts this request and forwards it to Alice.
Step 5: Alice, thinking the request is from Bob, sends her public key. Trudy takes it and forwards her own public key instead of Alice's.
Step 6: Bob receives that public key, encrypts his messages with it and sends them to Alice; Trudy takes them, decrypts them with her private key, re-encrypts each message with Alice's public key and sends it on to Alice.
In this way both users send and receive messages, but in the middle of the transmission Trudy also gets each message. Trudy can now easily modify the messages and transmit them between the users.
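The six-step exchange above, modelled as an added example (not code from the original post): textbook RSA with tiny constructed primes stands in for the keys, and the `run_exchange` function is a constructed simulation. It shows why Bob's check on R passes even with Trudy in the middle (he verifies with the key Trudy handed him), and the extra check that catches the substitution: comparing the received key against a fingerprint of Alice's key learned out of band.

```python
import hashlib

def make_key(p, q, e):
    """Textbook RSA keypair from two small primes (constructed, insecure toy)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def sign(key, r):
    # "Encrypt R with the private key", as the text describes step 3.
    return pow(r, key["d"], key["n"])

def verify(pub, r, sig):
    # Bob's check: decrypt with the public key and compare with the R he sent.
    return pow(sig, pub["e"], pub["n"]) == r

def fingerprint(pub):
    # Short hash of the public key, the kind of value exchanged out of band.
    return hashlib.sha256(f'{pub["n"]}:{pub["e"]}'.encode()).hexdigest()[:16]

def run_exchange(trudy_present):
    alice = make_key(61, 53, 17)   # constructed toy primes, n = 3233
    trudy = make_key(71, 67, 13)   # constructed toy primes, n = 4757
    nonce = 42                     # Bob's R from step 2 (constructed value)
    # Step 3: Alice signs R. Trudy drops it and substitutes her own signature.
    sig = sign(alice, nonce)
    if trudy_present:
        sig = sign(trudy, nonce)
    # Steps 4-5: Bob asks for Alice's key; Trudy forwards her own instead.
    received_pub = public(trudy) if trudy_present else public(alice)
    # Step 6 precondition: this check passes in both cases, which is the flaw.
    signature_ok = verify(received_pub, nonce, sig)
    # Mitigation: Bob compares the received key with a pinned fingerprint of
    # Alice's real key (from a certificate or an earlier trusted contact).
    key_is_alices = fingerprint(received_pub) == fingerprint(public(alice))
    return {"signature_ok": signature_ok, "key_is_alices": key_is_alices}

if __name__ == "__main__":
    print("no attacker:", run_exchange(trudy_present=False))
    print("Trudy in the middle:", run_exchange(trudy_present=True))
```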
Techniques used for MITM attacks [1]:
There are several techniques for this attack; they are as follows:
- ARP spoofing
- DNS spoofing
- IP Address spoofing
- Port stealing
- STP mangling
- DHCP spoofing
- Gateway spoofing
- ICMP redirection
- IRDP spoofing
There are several tools available for this attack; they are as follows:
- Ettercap
- Dsniff
- Yersinia
- Packet creator
- Cain & Abel
A man-in-the-middle attack is very dangerous for secured transmissions such as credit card transactions or any online banking transaction. With this attack the man in the middle can easily steal all the PINs and passwords without alerting either party.
Attack History [3]:
In 2004 an MITM attack was carried out against Citibank. With this attack the attacker obtained all the usernames and passwords and caused a huge problem for the banking transactions.
An MITM attack is very dangerous on the internet or in any networking environment. With this attack communication can be hampered without alarming either party, and important data can be stolen. To prevent this attack, security experts suggest a Virtual Private Network with strong mutual understanding.
References and Bibliography:
[1] http://it.toolbox.com/wiki/index.php/Man-in-the-Middle_Attack
[2] http://www.owasp.org/index.php/Man-in-the-middle_attack
[3] http://www.usfst.com/article/Latest-threat-man-in-the-middle-attacks/