Solved

Man In Middle Attack

Posted on 2013-06-07
2
372 Views
Last Modified: 2013-06-20
What is Man in Middle attack ?
0
Comment
Question by:pawanopensource
2 Comments
 
LVL 24

Assisted Solution

by:aadih
aadih earned 250 total points
ID: 39230078
The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA, also known as a bucket brigade attack, or sometimes Janus attack[citation needed]) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker...

http://en.wikipedia.org/wiki/Man-in-the-middle_attack >
0
 
LVL 7

Accepted Solution

by:
msifox earned 250 total points
ID: 39231397
Example: you want to connect to a web server with https (encrypted).
Someone manipulates your hosts file, or spoofs the DNS reply, to make your PC connect to his server instead.
So you make a https connection to him, and he makes a https connection to the server that you wanted to connect to. Now he forwards your data to the server, and forwards the server response back to you.
Result: he can read everything that is transferred, because he has it in unencrypted form.
He is sitting in your connection, between you and your destination. thus man in the middle.

Usually your web browser should cry foul because he doesn't see the valid certificate of the right server. But in last months there were several cases reported where certificate providers signed wrong certificates, signed wildcard certificates, were infiltrated by trojans etc. Thus the man in the middle might be able to provide your browser a certificate that the browser regards as valid.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SMTP connect() failed - WordPress 6 59
Windows 10 Task Scheduler fears and concerns 8 46
Eset Smart Securties ARP poisoning attack 3 50
MFA in Azure for a hybrid org 2 42
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question