MITM (Man in the middle) attack - Essay Example

MAN IN THE MIDDLE ATTACK By Presented Man in the Middle Attack Man in the middle attack abbreviated as MITM is the attack involving the intrusion of the attackers into the existing connection with an aim of intercepting the exchanged data and injecting false information. It mainly involves intruding into an existing connection, eavesdropping on a connection, selectively modifying or changing data, and intercepting messages. The definition of MITM is that it is a type of attack where the intruder or attacker intrudes into the conversation or communication between the endpoints on a given network to include or inject false or untrue information and intercept the transfer of data between the endpoints.

The other names for MITM attack are fire brigade, Bucket Brigade, monkey-in-the –middle, TCP hijacking, session hijacking, and TCP session hijacking (Bhatia, 2008) Man-in-the-middle attack can be successful only when the attacker has the ability to impersonate each of the two endpoints to the others satisfaction. Most of the cryptographic protocols involve certain forms of authentication that is designed specifically to prevent the MITM attack. An example of an MITM attack that is successful against the public key encryption is as follows: In an MITM (Man-in-the-Middle) attack, the intruder or an attacker inserts or puts himself between notes of two networks. E.g.

, considering a successful attack, if a packet is sent to Alice by John, the packet sent passes through or branches through the attacker or intruder Jane first and Jane decides after getting it to forward it to the recipient Alice with modifications or without any; upon receiving the packet, Alice thinks that it come from John. The attack i.e. MITM is bidirectional, hence the same process applies upon Alice sending a packet to John (Samah, et al, 2008) The available techniques for preventing an MITM attack are authentication techniques based on second or secure channel verification, passwords and secret keys, which are strong and secure authentication, latency examination, one-time pads, and carry-forward verification.

Secret keys are high information entropy secrets hence more secure while passwords are low information entropy secrets, which are less secure (Stewart, 2008). Long or Extended calculations of Cryptographic hash function, which is a latency examination lead into few seconds and incase both involved parties take twenty seconds, the third party can be indicated since the calculation take sixty seconds to reach to each involved party. One-time pads are resistant or immune to MITM (man-in-the-middle) attacks in the case when the trust and security of the one-time pad is assumed.

An existing networking tool that can be utilized to prevent an MITM attack is the ARP monitoring tool called the ARP watch. This tool alerts the user when any unusual ARP communication has occurred (Nachreiner, 2011). The techniques that are used to generate an MITM attack are classified in consideration to the types of network environment. Based on LAN, There are ARP spoofing, DNS spoofing, IP address spoofing, Port stealing, and STP mangling. Considering through a gateway network( from the local to remote) there are ARP poisoning, DNS spoofing, DHCP spoofing, Gateway spoofing, IRDP spoofing, and ICMP redirection.

On remote networking there are DNS poisoning, Traffic tunneling, and Route mangling. ARP spoofing- Address Resolution Protocol(ARP) spoofing also called ARP poisoning or Routing involve the attacker using this technique to sniff LAN data frames and then modify or alter the packets. Corrupting the ARP caches of hosts who are directly connected and taking over the victims IP address is a technique that the attacker uses. The tools used include the ARPoison, which is a tool (UNIX command line) that is used to create or form spoofed packets of ARP.

Other tools are Ettercap for hijacking, poisoning, filtering, and SSHv.1 sniffing, and Dsniff for sniffing, and poisoning. DNS spoofing- involve the attacker starting by sniffing the identity of any request of DNS and replying the target request just before the real DNS server does so. IP address spoofing entails the attacker creating IP packets that have forged IP address source to conceal the ID of the packet sender or impersonating another system of the computer. The tools used are Hping and spoofed IP.

Port stealing is used to spoof FDB (switch forwarding database) and then usurp the victim host’s switch port for layer two networks packet sniffing (Bhatia, 2008:p.1). The networking tool that is available in ADIOS Linux for preventing an MITM attack is called ettercap. This tool features the sniffing of live connections, and contentment filtering found on the fly among other tricks that is has. Ettercap supports passive and active dissection of several protocols including the ciphered protocols and also has other features for host and network analysis.

Ettercap is multipurpose (ADIOS Linux Project, 2010) The networking tool for generating MITM attack in an ADIOS Linux is called the ARPoison. This tool is a UNIX Command –line that creates or generates spoofed ARP packets. This program sends a custom packet called ARP REPLY. Another tool that can be used to generate an MITM attack is Dsniff. This tool was developed for penetration and auditing testing but can be used for SSL MITM attacks. The components of this tool are “filesnarf’, ‘msgsnarf’, ‘mailsnarf’, ‘webspy”, and “urlsnarf.

” Ettercap, which is the ADIOS tool for preventing an MITM attack is demonstrated below.Figure 1: ADIOS tool for preventing an MITM attack (Source: Ettercap)List of ReferencesADIOS Linux Project., 2010., ADIOS 8(NET). [Online] Available at: [Accessed January 13 2012] Alor & Naga., 2010. Ettercap: 0.7.4-Lazarus Released. Ettercap.[Online] Available at: < http://ettercap.sourceforge.net/> [Accessed January 13 2012]Bhatia, A., 2008. Man-In- The- Middle Attack. Toolbox [online] (December 8, 2008) Available at: http://it.toolbox.com/wiki/index.

php/Man-in-the-Middle_Attack [Accessed January 13 2012]Samah, A. et al., 2008. Symmetric Encryption.[online] Available at: [Accessed January 13 2012]Nachreiner, C., 2011. Anatomy of an ARP Poisoning Attack. WatchGuard [online] Available at: [Accessed January 13 2012]Stewart, J.M., 2008. CompTIA security+ review guide. Hoboken, NJ: John Wiley and Sons