Sunday, June 13, 2010

Understanding Man-in-the-Middle Attacks

ARP Cache Poisoning | Session Hijacking | SSL Hijacking

One of the most prevalent network attacks used against individuals and large organizations alike is the man-in-the-middle (MITM) attack. Considered an active eavesdropping attack, MITM works by establishing separate connections to two victim machines and relaying messages between them. Each victim believes it is communicating directly with the other, when in reality all of the traffic flows through the host performing the attack. The end result is that the attacking host can not only intercept sensitive data, but can also inject into and manipulate the data stream to gain further control of its victims.

In this series of articles we will examine some of the most widely used forms of MITM attacks, including ARP cache poisoning, DNS spoofing, HTTP session hijacking, passing the hash, and more. As you will find in the real world, most victim machines are Windows-based hosts. That being the case, this series of articles will focus entirely on MITM exploitation of hosts running versions of Windows. When possible, attacks will also be performed from Windows-based hosts. In cases where no tools are available for the attack being presented, we will be utilizing Backtrack Linux 4, downloadable as a live-CD or a virtual machine from here.

