how hacker attacks in internet

Hello,
          I read at many online documents that in an Internet environment an hacker can attack on user data and thus may lead to steal info in packets or modify it and resend to original destined server. But i reuire that info in diagramaic form and also some practical examples in real world. where to find them?
         What exactly i want to know is that we know hacker attacks but we also know that data travels in internet from routers to routers   then if from src pc to router1 to no. of routers to dst pc is path for data is then where can hacker be located here.
b123coderAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ahoffmannCommented:
what you're describing is a MITM - man-in-the-middle attack
it can be anywhere in the middle between source and destination, hence the name: someone on a server or router or even just plugging to the wire

You're safe (in terms of current technology) against this when you use encrypted protocols, like HTTPS/SSL/TLS.
But you're still vulnerable to infinite number of other attacks ...
0
b123coderAuthor Commented:
hello ahoffmann,
               So that mean say traffic is from organisation 1 to organisation2 and in that pc1 is in organisation and pc2 is in organisations 2 then when data sent from pc1 to pc2 then it will travel thro' many routers to reah pc2. then where can be MIM be placed himself?
               I think there is no control if no sorce routing is used for how data travels from pc1 to pc2 right??
                 Also can you please tell me besides having SSL/TLS why still attacks are there?
0
ahoffmannCommented:
> then where can be MIM be placed himself?
not shure what you mean, but MITM can be anywhere, including source (pc1) and destination (pc2), for example 'cause there is some malware (aka virii, trojans, etc.)

> ..  there is no control if no sorce routing  ..
yes
but even with source routing you usually have no control over the routers, nor the wire (someone plugs to the wire directly)

> .. why still attacks are there?
- any kind of malware on source and/or destination (see above)
- spoofed source or destination
- proxies
- if source or destination is a web server and/or application server:
   cross-site scripting, SQL injection, command injection, session hijacking/fixation/riding, second order code attacks, etc. etc.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

b123coderAuthor Commented:

what are the aviail solutions to man in middle attack? are they all protecting against MIMA?? if not then what current development is going on ?
0
ahoffmannCommented:
MITM is permanent threat, and you never get solutions for threats, that's their nature ;-)
you just can check if you're vulnerable for those attacks, and the solution then is encryption and strong permisions for physical acces to your devices, no development necessary
0
David PiniellaCommented:
aside from encryption and secure physical access, good and secure authentication of what servers you're connecting to is also a must -- SSL, ssh hashes to verify that the host you're ssh'ing into is the one it says it is, et cetera, but as ahoffman says, there's nothing that you can really do to make the threat go away.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.