Solved

Man In Middle Attack

Posted on 2013-06-07
2
365 Views
Last Modified: 2013-06-20
What is Man in Middle attack ?
0
Comment
Question by:pawanopensource
2 Comments
 
LVL 24

Assisted Solution

by:aadih
aadih earned 250 total points
ID: 39230078
The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA, also known as a bucket brigade attack, or sometimes Janus attack[citation needed]) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker...

http://en.wikipedia.org/wiki/Man-in-the-middle_attack >
0
 
LVL 7

Accepted Solution

by:
msifox earned 250 total points
ID: 39231397
Example: you want to connect to a web server with https (encrypted).
Someone manipulates your hosts file, or spoofs the DNS reply, to make your PC connect to his server instead.
So you make a https connection to him, and he makes a https connection to the server that you wanted to connect to. Now he forwards your data to the server, and forwards the server response back to you.
Result: he can read everything that is transferred, because he has it in unencrypted form.
He is sitting in your connection, between you and your destination. thus man in the middle.

Usually your web browser should cry foul because he doesn't see the valid certificate of the right server. But in last months there were several cases reported where certificate providers signed wrong certificates, signed wildcard certificates, were infiltrated by trojans etc. Thus the man in the middle might be able to provide your browser a certificate that the browser regards as valid.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now