Solved

Man In Middle Attack

Posted on 2013-06-07
2
380 Views
Last Modified: 2013-06-20
What is Man in Middle attack ?
0
Comment
Question by:pawanopensource
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 24

Assisted Solution

by:aadih
aadih earned 250 total points
ID: 39230078
The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA, also known as a bucket brigade attack, or sometimes Janus attack[citation needed]) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker...

http://en.wikipedia.org/wiki/Man-in-the-middle_attack >
0
 
LVL 7

Accepted Solution

by:
msifox earned 250 total points
ID: 39231397
Example: you want to connect to a web server with https (encrypted).
Someone manipulates your hosts file, or spoofs the DNS reply, to make your PC connect to his server instead.
So you make a https connection to him, and he makes a https connection to the server that you wanted to connect to. Now he forwards your data to the server, and forwards the server response back to you.
Result: he can read everything that is transferred, because he has it in unencrypted form.
He is sitting in your connection, between you and your destination. thus man in the middle.

Usually your web browser should cry foul because he doesn't see the valid certificate of the right server. But in last months there were several cases reported where certificate providers signed wrong certificates, signed wildcard certificates, were infiltrated by trojans etc. Thus the man in the middle might be able to provide your browser a certificate that the browser regards as valid.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
Let's recap what we learned from yesterday's Skyport Systems webinar.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question