What's MIMT Methodology?
Man in the middle attacks are a group of attacks based in the bridge system. The attacker uses differents methods to became involved into the communication of subjects without their consent. It will be easy to explain with an example:
1. Oriol sends a message to Carles, which is intercepted by Mariano:
Oriol "Hi Carles, it's Oriol. Give me your key." → Mariano Carles
2. Mariano relays this message to Carles; Carles cannot tell it is not really from Alice:
Oriol Mariano "Hi Carles, it's Oriol. Give me your key." → Carles
3. Carles responds with his encryption key:
Oriol Mariano ← [Carles's key] Carles
4. Mariano replaces Carles's key with her own, and relays this to Oriol, claiming that it is Carles's key:
Oriol ← [Carles's key] Mariano Carles
5. Oriol encrypts a message with what she believes to be Carles's key, thinking that only Carles can read it:
Oriol "Meet me at the bus stop!" [encrypted with Mariano's key] → Mariano Carles
6. However, because it was actually encrypted with Mariano's key, Mariano can decrypt it, read it, modify it (if desired), re-encrypt with Carles's key, and forward it to Bob:
Oriol Mariano "Meet me at the van down by the river!" [encrypted with Carles's key] → Carles
MITM scheme based in the example
There are too differents types of attacks but mainly we will focus in four.
ARP Spoofing , DNS spoofing, Port Stealing and DHCP Spoofing.
*Spoofing
A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage.
Comentarios
Publicar un comentario