Solved

Man In Middle Attack

Posted on 2013-06-07
2
362 Views
Last Modified: 2013-06-20
What is Man in Middle attack ?
0
Comment
Question by:pawanopensource
2 Comments
 
LVL 24

Assisted Solution

by:aadih
aadih earned 250 total points
Comment Utility
The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA, also known as a bucket brigade attack, or sometimes Janus attack[citation needed]) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker...

< http://en.wikipedia.org/wiki/Man-in-the-middle_attack >
0
 
LVL 7

Accepted Solution

by:
msifox earned 250 total points
Comment Utility
Example: you want to connect to a web server with https (encrypted).
Someone manipulates your hosts file, or spoofs the DNS reply, to make your PC connect to his server instead.
So you make a https connection to him, and he makes a https connection to the server that you wanted to connect to. Now he forwards your data to the server, and forwards the server response back to you.
Result: he can read everything that is transferred, because he has it in unencrypted form.
He is sitting in your connection, between you and your destination. thus man in the middle.

Usually your web browser should cry foul because he doesn't see the valid certificate of the right server. But in last months there were several cases reported where certificate providers signed wrong certificates, signed wildcard certificates, were infiltrated by trojans etc. Thus the man in the middle might be able to provide your browser a certificate that the browser regards as valid.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Join & Write a Comment

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now