What is Man in the middle attack?
By this attack Communications between two parties are altered.
In short it is called as MITM.
Two parties believe they are directly communicating with each other.
Attackers interrupts in communications between two parties.
- It is type of eavesdropping attack
- It is also a type of session hijacking.
- Use static ARP
- IPS system ( It can detect sudden change in the network performance)
- Use VPN secure environment
How Man in the middle attack works?
- Attackers interrupts a data transfer between client and server.
- Client believes that it is still communicating with the particular server.
- Server believes that it is communicating with client.
- But there is third person, man in the middle who listens, data.
Attacker set-up fake chat service.
Chats with user to gain account information.
Users believes he or she is communicating with bank representative, who is actually an attacker.
Types of Man in the middle attacks:
In this attacker takes help of software to intercept (sniff) data.
Rough Access Point/ Evil Twin:
In this attacker uses duplicates a trusted WIFI network/setups a wireless access point.
User believes they are signing to real or original network.
Now attackers intercepts data.
Session Hijacking or Side-jacking:
In this attackers sniffs data packets.
Steals session cookies and hijack user session.
Once attacker gets access to user session, he can do anything.
In this malicious packets are injected into data communications streams.
Hackers take help of SSL stripping to intercept packets.
and they alert HTTP request to the HTTP equivalent endpoint.
Host will be force to make request to the server.
By this unencrypted sensitives data can be leaked in the form of plain text.
What is ARP poisoning?
Also known as ARP spoofing.
In this hackers send falsified ARP message to LAN.
In order to link hacker MAC Address with IP address of legit computer or server on the network.
It is used for Man in Middle attack.
- Use static ARP
- Detect ARP spoofing by using tools such as XARP
- Packet filtering
- Install Anti virus and keep signatures updated.