
Man-in-the-Middle Attacks and Mitigation Strategies
Explore the threats of Man-in-the-Middle (MITM) attacks like DNS Spoofing and ARP Poisoning, and learn about the Ettercap tool and defense techniques. Discover how to protect yourself against MITM attacks with tips such as avoiding open WiFi networks and using HTTPS Everywhere.
Presentation Transcript
Man in The Middle
A man-in-the-middle (MITM) attack places an attacker in the middle of a communication, allowing them to sniff, spoof and alter the communication. There are many different types of MITM attacks: DNS Spoofing, ARP Poisoning, DHCP Spoofing.
ARP Poisoning
ARP poisoning is when an attacker sends false ARP messages over a network, linking the attacker's MAC address with the IP address of a victim, which allows the attacker to receive any data sent to that IP address.
[Figure: ARP exchange among hosts labelled IP1/MAC1, IP2/MAC2 and IP3/MAC3; the request "Do you have IP3?" receives the reply "I have IP3, my MAC is MAC2".]
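One way to spot the poisoning described on this slide from the defender's side, as an added example that is not part of the original presentation. It assumes ARP replies captured in tcpdump's text format; the function name, alert names and sample addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# ARP replies as printed by tcpdump without -e, e.g.
# "12:00:01.110000 ARP, Reply 192.168.1.3 is-at 02:00:00:00:00:03, length 28"
ARP_REPLY = re.compile(
    r"ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)

# Constructed sample capture (not from the presentation). Host 3 answers for
# its own IP, then the host at ...:02 starts answering for that IP as well.
SAMPLE = [
    "12:00:01.100000 ARP, Request who-has 192.168.1.3 tell 192.168.1.1, length 28",
    "12:00:01.110000 ARP, Reply 192.168.1.3 is-at 02:00:00:00:00:03, length 28",
    "12:00:02.000000 ARP, Reply 192.168.1.2 is-at 02:00:00:00:00:02, length 28",
    "12:00:09.400000 ARP, Reply 192.168.1.3 is-at 02:00:00:00:00:02, length 28",
    "12:00:10.400000 ARP, Reply 192.168.1.3 is-at 02:00:00:00:00:02, length 28",
]

def detect_arp_anomalies(lines):
    """Flag IP-to-MAC bindings that contradict the first binding seen."""
    baseline = {}                  # ip -> first MAC seen (trust on first use)
    ips_by_mac = defaultdict(set)  # mac -> every IP it has claimed
    alerts, seen = [], set()

    def alert(kind, ip, mac, detail):
        if (kind, ip, mac) not in seen:  # report each finding once
            seen.add((kind, ip, mac))
            alerts.append({"kind": kind, "ip": ip, "mac": mac, "detail": detail})

    for line in lines:
        m = ARP_REPLY.search(line)
        if not m:
            continue  # requests show no sender MAC in this output format
        ip, mac = m["ip"], m["mac"].lower()
        first = baseline.setdefault(ip, mac)
        if first != mac:
            # Also fires on legitimate changes (NIC swap, failover): triage it.
            alert("ip-rebound", ip, mac, f"baseline MAC was {first}")
        ips_by_mac[mac].add(ip)
        others = sorted(ips_by_mac[mac] - {ip})
        if others:
            alert("mac-claims-many-ips", ip, mac, f"also claims {others}")
    return alerts

if __name__ == "__main__":
    for a in detect_arp_anomalies(SAMPLE):
        print(a["kind"], a["ip"], a["mac"], a["detail"])
```

The baseline is whatever binding is seen first, so the check is only as trustworthy as the start of the capture.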
DNS Spoofing
DNS spoofing is a MITM technique used to supply false DNS information/responses to victim(s).
[Figure: a lookup for www.TDbank.com goes to the DNS server; XXX.XX.XX.XX is labelled "AKA TDbank" and YYY.YY.YY.YY is labelled "AKA Malicious site".]
DHCP Spoofing
DHCP spoofing occurs when an attacker sets up a rogue DHCP server and provides its own IP address as a gateway, as well as possibly providing a fraudulent DNS server.
[Figure: a client says "I need an IP addr."; a rogue DHCP server replies "I'm a DHCP Server" and "Here is the Gateway and DNS server". Other labels: DHCP Server, DNS server, Fake DNS server, Malicious site.]
Different Scenarios
DNS Cache Poisoning: a persistent attack.
[Figure: a lookup for www.Scotiabank.com reaches the local DNS cache ("I don't have that") and then the DNS server; the cache ends up storing "Scotiabank.com is IP YYY.YY.YY.YY", where XXX.XX.XX.XX is labelled "AKA Scotiabank" and YYY.YY.YY.YY is labelled "AKA Malicious site".]
Ettercap (tool)
Ettercap is a tool that includes a collection of man-in-the-middle attacks. Functionalities: sniffing on live connections, real-time filtering, network and host analysis.
Mitigation & Defences
Never connect to open WiFi routers. Make sure you visit HTTPS-supported websites. You can use browser plug-ins such as HTTPS Everywhere or ForceTLS; these plug-ins will provide secure communication when possible. SSL script/HTTPS does both encryption and authentication. However, there are attacks which can get past the HTTPS encryption (using a tool like SSLstrip).