Man-in-the-Middle Attacks

Man-in-the-middle attacks are a type of information interception in which neither the sender nor the receiver knows that the interception is taking place. What methods can be used to create a man-in-the-middle attack?

A man-in-the-middle attack is also referred to as a meet-in-the-middle attack, which is probably a little more politically correct, but it can do several bad things to your network. It can be used to steal information; it can be used to hijack ongoing UDP flows or TCP sessions, and in particular to gain access to protected network resources. It can be used to analyze traffic as part of reconnaissance, to learn more about your network and your individual users. It can be part of a denial-of-service attack: it can capture information, corrupt it, and then reinject it into the flow. In other words, it can break down your trust identity and modify traffic in a malicious way. It can also introduce new information into network sessions.

Figure: man-in-the-middle attack

Now there are a couple of distinctions here: you have a blind attack and a non-blind attack. A blind attack interrupts a connection that is not crossing your cables. A non-blind attack interferes with connections that are crossing your cables, or the airwaves with wireless. A common variant of this is the TCP session hijack, where the cracker sniffs to find out the client and server IP addresses and port numbers, modifies the packet headers to spoof the TCP/IP packets from the client, and then waits for an acknowledgement packet from the client going to the server. That ACK carries the sequence number of the next packet the client is expecting, so the cracker can reply using a modified packet with the source address of the server and the destination address of the client. This forces a TCP reset that disconnects the legitimate client; the cracker then takes over the communication with the server by spoofing the expected sequence number from the acknowledgement previously sent by the legitimate client to the server. This could also be an attack against confidentiality if the cracker is able to break weak keys, for example those used in symmetric key encryption.
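The non-blind hijack described above leaves two traces a sensor on the same segment can look for: a packet for an IP address that suddenly arrives from a different MAC address than that IP was first seen with, and segments that keep flowing on a connection after a RST has supposedly torn it down. The following detector is an added example for this course note, not code from the original page or from Cisco; the packet records, addresses and MACs are constructed, and it assumes the sensor sees layer-2 headers on the same segment as the client and server.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """Minimal view of one captured segment (constructed, not a real capture)."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    src_mac: str           # layer-2 source as seen by the sensor
    seq: int               # TCP sequence number
    flags: FrozenSet[str]  # e.g. frozenset({"SYN", "ACK"})


# (packet index, indicator name, human-readable detail)
Finding = Tuple[int, str, str]


def flow_key(p: Packet):
    """Direction-independent key so both halves of a conversation share one flow."""
    return tuple(sorted([(p.src_ip, p.src_port), (p.dst_ip, p.dst_port)]))


def detect_hijack_indicators(packets: List[Packet]) -> List[Finding]:
    """Flag two hijack indicators: IP-to-MAC binding changes and traffic after RST."""
    findings: List[Finding] = []
    ip_to_mac: Dict[str, str] = {}   # first MAC each IP was observed sending from
    reset_flows: Set[tuple] = set()  # flows that have carried a RST

    for idx, p in enumerate(packets):
        # Indicator 1: the same IP is now being sent from another MAC. On a shared
        # segment this is what spoofed client/server packets look like at layer 2.
        known_mac = ip_to_mac.setdefault(p.src_ip, p.src_mac)
        if known_mac != p.src_mac:
            findings.append((idx, "mac_change",
                             f"{p.src_ip} now sent from {p.src_mac}, first seen from {known_mac}"))

        key = flow_key(p)
        if "RST" in p.flags:
            reset_flows.add(key)
            continue

        # Indicator 2: the legitimate endpoint was reset, yet segments keep flowing
        # on the same 4-tuple, i.e. someone else is continuing the session.
        if key in reset_flows:
            findings.append((idx, "traffic_after_reset",
                             f"segment seq={p.seq} on {key} after the flow was reset"))
    return findings


def _pkt(src_ip, dst_ip, sport, dport, mac, seq, *flags) -> Packet:
    return Packet(src_ip, dst_ip, sport, dport, mac, seq, frozenset(flags))


# Constructed sample: a normal handshake, then a forged reset and a takeover.
CLIENT, SERVER = "10.0.0.5", "10.0.0.10"
CLIENT_MAC, SERVER_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
ROGUE_MAC = "02:00:00:00:00:99"  # hypothetical third host on the segment

SAMPLE_PACKETS = [
    _pkt(CLIENT, SERVER, 51000, 80, CLIENT_MAC, 1000, "SYN"),
    _pkt(SERVER, CLIENT, 80, 51000, SERVER_MAC, 5000, "SYN", "ACK"),
    _pkt(CLIENT, SERVER, 51000, 80, CLIENT_MAC, 1001, "ACK"),
    # RST claiming to be from the server, but sent from the rogue MAC
    _pkt(SERVER, CLIENT, 80, 51000, ROGUE_MAC, 5001, "RST"),
    # data claiming to be from the client, continuing the reset flow
    _pkt(CLIENT, SERVER, 51000, 80, ROGUE_MAC, 1001, "ACK", "PSH"),
]


def analyze_sample() -> List[Finding]:
    return detect_hijack_indicators(SAMPLE_PACKETS)


if __name__ == "__main__":
    for idx, kind, detail in analyze_sample():
        print(f"packet {idx}: {kind}: {detail}")
```

The MAC-binding check only fires when the sensor shares a segment with the endpoints, which is exactly the non-blind case; a blind attack from off-segment shows no MAC change, and only the traffic-after-reset indicator remains. Real deployments would also age out bindings, since DHCP reassignments change IP-to-MAC pairs legitimately.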


Source: https://www.learncisco.net/courses/iins/common-security-threats/threats-in-borderless-networks.html
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.

Last modified: Tuesday, December 15, 2020, 5:20 PM