Hello friends, you can make out from the title what i am going to say in this post. I am going to give a information about this type of attack "Man in the middle".
What is man in the middle?
It is nothing but an attacker who sits in between the two user in an network. Normally the two person will be the user and the router(gateway) in an network. The attacker will try to do few trick and replace the roll of router and he sits in his position.
This is done by doing DNS spoofing, ARP poisoning, IP spoofing and few more other method.
In this attack the user will not come to know that, his traffic is been forwarded through the attacker in the network. The attacker can simply gather information about the user and use it later or attacker can try to do active attack to the user.
The few steps to be taken to prevent this is by keeping your system up to date, using key infrastructure, digital certificate, secure connection like ssl or ssh and using strong password which should be an encrypted password.
User guide:
* Always use your own network.
* Use secure pages.
* Update your system with latest patches.
* If you find your network is slow it can be due to MITM, this can also be false positive.
* Update your anti-virus and firewall frequently.
* Use strong authentication to sign in to a site(which is in hands of your web server).
* If your are wireless user please disable auto connection because the attacker may spoof with his device with same BSSID name that you have.
I will demonstrate an attack that the attacker can do with some tools.
I will also show how the secure web page(USING CA) is safer than the normal HTTP page.
What is man in the middle?
It is nothing but an attacker who sits in between the two user in an network. Normally the two person will be the user and the router(gateway) in an network. The attacker will try to do few trick and replace the roll of router and he sits in his position.
This is done by doing DNS spoofing, ARP poisoning, IP spoofing and few more other method.
In this attack the user will not come to know that, his traffic is been forwarded through the attacker in the network. The attacker can simply gather information about the user and use it later or attacker can try to do active attack to the user.
The few steps to be taken to prevent this is by keeping your system up to date, using key infrastructure, digital certificate, secure connection like ssl or ssh and using strong password which should be an encrypted password.
User guide:
* Always use your own network.
* Use secure pages.
* Update your system with latest patches.
* If you find your network is slow it can be due to MITM, this can also be false positive.
* Update your anti-virus and firewall frequently.
* Use strong authentication to sign in to a site(which is in hands of your web server).
* If your are wireless user please disable auto connection because the attacker may spoof with his device with same BSSID name that you have.
I will demonstrate an attack that the attacker can do with some tools.
I will also show how the secure web page(USING CA) is safer than the normal HTTP page.
No comments:
Post a Comment