6- Man-in-the-middle Attack

					      MAN-IN-THE-MIDDLE ATTACK (MITM ATTACK)
1.   WHAT IS A MAN-IN-THE-MIDDLE (MITM) ATTACK?
A man in the middle attack is one in which the attacker intercepts messages in a public
key exchange and then retransmits them, substituting his own public key for the
requested one, so that the two original parties still appear to be communicating with
each other.
      The attack gets its name from the ball game where two people try to throw a ball
directly to each other while one person in between them attempts to catch it. In a man in
the middle attack, the intruder uses a program that appears to be the server to the client
and appears to be the client to the server. The attack may be used simply to gain access
to the message, or enable the attacker to modify the message before retransmitting it.
     Man in the middle attacks are sometimes known as fire brigade attacks. The term
derives from the bucket brigade method of putting out a fire by handing buckets of
water from one person to another between a water source and the fire.




2.   WHAT IS BACKTRACK LINUX?
Backtrack is a Linux distribution distributed as a Live CD or USB for penetration
testing. BackTrack provides penetration testers with a comprehensive collection of
security-related tools, and supports live CD, live USB and permanent installation.
BackTrack provides Mozilla, Pidgin, K3B and XMMS. You can create personalized
distributions by including customizable scripts, additional tools and configurable kernels.

BackTrack includes many well-known security tools like NMAP, KISMET and many
more.
      Backtrack 5 has been released and is based on Ubuntu 11.04. Backtrack 5 contains
most of the security audit tools for penetration testing purposes. Backtrack 5, with all
its tools, is free of cost.

3.   PREPARATION FOR MITM ATTACK
We need to identify the victim's IP address for the attack. We need two IP addresses
between which we will be the man in the middle. We can use an nmap scan, which we have
already covered in the previous tutorials. Use nmap to scan the whole network and identify
the victim clearly. Another method is to treat the whole network as the victim. If we
select two particular victim IPs, we will be able to see packets only between those
two IP addresses, but if we choose the whole network as the victim, then every packet
floating in the network will be relayed through the attacker's machine.
See the ettercap tutorial for configuring ettercap for this attack.

4.   ETTERCAP DEMO
A separate PDF has been attached demonstrating the MITM attack using ettercap.
Please go through the PDF to learn the MITM attack.

5.   COUNTERMEASURES AGAINST "MAN IN THE MIDDLE" ATTACKS
What protections are there against man in the middle attacks on your network? Consider these
steps:
     - Survey the APs operating with your unique SSID. Take down any that are not
       authorized to be on the air.
     - Use strong encryption on your network. WPA is much better than WEP.
     - Use SSL. It will make man in the middle attacks more difficult, and will prevent
       most attacks.
     - Double-check SSL certificates before using https pages. IE and Firefox can do this
       for you.
     - Encrypt any documents you don't want to be intercepted or altered.
     - Using a VPN service is quite effective against man in the middle attacks.
     - Forget about WEP. WEP is dead. Use WPA encryption.
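
The key substitution described in section 1, and the certificate check from the list above, can be seen in a small in-memory simulation. This is an added example, not part of the original document: the toy Diffie-Hellman group and all function names are assumptions chosen for illustration, and nothing is sent over a network.

```python
import hashlib
import hmac
import secrets

# Constructed toy group for illustration only; it is NOT secure.
# Real protocols use standardized 2048-bit+ groups or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) for toy Diffie-Hellman."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """SHA-256 fingerprint of a public value, like a certificate fingerprint."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def shared_key(priv, peer_pub):
    """Session key derived from our private value and the peer's public value."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def accept_peer_key(received_pub, pinned_fp):
    """Defender's check: accept the key only if it matches the fingerprint
    obtained over a trusted channel (the role a valid certificate plays in SSL)."""
    return hmac.compare_digest(fingerprint(received_pub), pinned_fp)

def run_exchange(intercepted):
    """Simulate one client/server key exchange and report what happened."""
    srv_priv, srv_pub = keypair()
    cli_priv, cli_pub = keypair()
    pinned_fp = fingerprint(srv_pub)        # learned out of band, before the exchange
    mid_priv, mid_pub = keypair()           # key belonging to the party in the middle
    # The public key the client actually receives:
    received = mid_pub if intercepted else srv_pub
    unchecked_key = shared_key(cli_priv, received)
    return {
        # True only when client and server really derived the same key
        "key_shared_with_server": unchecked_key == shared_key(srv_priv, cli_pub),
        # True when the party in the middle can derive the client's key
        "key_known_to_intermediary": unchecked_key == shared_key(mid_priv, cli_pub),
        # Result of verifying the received key before using it
        "check_accepts": accept_peer_key(received, pinned_fp),
    }

if __name__ == "__main__":
    for intercepted in (False, True):
        print("intercepted =", intercepted, run_exchange(intercepted))
```

Without the fingerprint check the client cannot tell the two cases apart, which is why a certificate warning in the browser should never be clicked through.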




posted:1/15/2012