Unauthorized access, Man in the Middle (MITM)


In this type of attack, the attacker attempts to insert himself in the
middle of a communication for purposes of intercepting client’s data.

Published in: Technology, News & Politics


  1. 1. Unauthorized Access: Man-in-the-Middle Attacks (MITM). By: Balvinder Singh & Priya Nain
  2. 2. Man-in-the-middle attacks. In this type of attack, the attacker attempts to insert himself in the middle of a communication in order to intercept the client's data, and could potentially modify it before discarding it or sending it on to the real destination. The attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
  3. 3. [Figure: attacker inserting himself in the middle of a communication. Labels: Client, Attacker, Server.]
  4. 4. Name origin: The name "Man-in-the-Middle" is derived from the basketball scenario where two players intend to pass a ball to each other while one player between them tries to seize it. MITM attacks are sometimes referred to as "bucket brigade attacks" or "fire brigade attacks."
      MITM attack is also known as:
      • Bucket-brigade attack
      • Fire brigade attack
      • Session hijacking
      • TCP hijacking
      • TCP session hijacking
      • Monkey-in-the-middle attack
  5. 5. Man-in-the-middle attacks take two common forms:
      • Eavesdropping: an attacker simply listens to a set of transmissions to and from different hosts, even though the attacker's computer isn't party to the transaction. Many relate this type of attack to a leak, in which sensitive information could be disclosed to a third party without the legitimate users' knowledge.
      • Manipulation: these attacks build on the capability of eavesdropping by taking this unauthorized receipt of a data stream and changing its contents to suit a certain purpose of the attacker, perhaps spoofing an IP address, changing a MAC address to emulate another host, or some other type of modification.
  6. 6. Security Breach Example. In 2003, a group of hackers were "testing" the security of various banks and noticed that one was extremely vulnerable. Within a couple of hours, they transferred over $10 million from the bank to a private account. Due to the bank's poor network security, the attackers' tracks were difficult to find. To ensure no prosecution, the hackers contacted the bank president and gave two options:
      • Sign a proposal indicating that the hackers were performing a security assessment at the bank's request for $5 million; the hackers would then return the other $5 million.
      • The bank could prosecute, but the attackers would deny everything and notify the media of the bank's poor security.
  7. 7. What choice do you think the bank president chose? The bank manager signed an agreement and gave $5 million to the hackers for the security assessment.
  8. 8. Man in the Middle Scenario
      • All laptop users connect to a public network
      • Wireless connection can easily be compromised or impersonated
      • Wired connections might also be compromised
      [Diagram label: Internet]
  9. 9. Rules of Thumb – Don’ts …
      • Someone might be listening to the requests
          • Don’t browse sensitive sites
          • Don’t supply sensitive information
      • Someone might be altering the responses
          • Don’t trust any information given on web sites
          • Don’t execute downloaded code
  10. 10. Rules of Thumb – What Can You Do?
      • This leaves us with:
          • Browse non-sensitive sites
          • Share personal information only over secure networks
      [Diagram labels: Non-sensitive sites (boring), Sensitive sites (interesting), Internet]
  11. 11. Passive Man in the Middle Attacks
      • Victim browses to a website
      • Attacker views the request and forwards it to the server
      • Server returns a response
      • Attacker views the response and forwards it to the victim
      • Other servers are not affected
  12. 12. Active Man in the Middle Attack
      • The attacker actively directs the victim to an “interesting” site
      • The IFrame could be invisible
      Sequence shown in the diagram:
      • Victim browses to a “boring” site
      • Attacker transfers the request to the server
      • Server returns a response
      • Attacker adds an IFRAME referencing an “interesting” site
      • Automatic request sent to the interesting server
      • Other servers are not affected
      [Diagram labels: My Weather Channel, My Bank Site]
  13. 14. Secure Connections Login Mechanism
  14. 15. Session Fixation
      • Attacker redirects victim to the site of interest
      • Attacker returns a page with a cookie generated by the server
      • Cookie is saved on the victim’s computer
      • A while later, the victim connects to the site (with the pre-provided cookie)
      • Attacker uses the same cookie to connect to the server
      • Server authenticates attacker as victim
      Result: the server now authenticates the attacker as the victim/client, so the attacker has the same privileges as the victim.
  15. 16. Attack strategy – Spoofing. Spoofing is the creation of TCP/IP packets using somebody else's IP address. Routers use the "destination IP" address in order to forward packets through the Internet, but ignore the "source IP" address. That address is only used by the destination machine when it responds back to the source. An example from cryptography is the man-in-the-middle attack, in which an attacker spoofs Alice into believing the attacker is Bob, and spoofs Bob into believing the attacker is Alice, thus gaining access to all messages in both directions without the trouble of any cryptanalytic effort.
  16. 17. Types of Spoofing
      • E-mail address spoofing
      • URL spoofing and phishing
      • Referrer spoofing
  17. 18. URL spoofing and phishing: Another kind of spoofing is "webpage spoofing", also known as phishing. In this attack, a legitimate web page such as a bank's site is reproduced in "look and feel" on another server under control of the attacker. The main intent is to fool the users into thinking that they are connected to a trusted site, for instance to harvest usernames and passwords.
      Referrer spoofing: Some websites, especially pay sites, allow access to their materials only from certain approved (login) pages. This is enforced by checking the referrer header of the HTTP request.
  18. 19. E-mail address spoofing. The sender information shown in e-mails (the "From" field) can be spoofed easily. This technique is commonly used by spammers to hide the origin of their e-mails and leads to problems such as misdirected bounces. For example, an attacker sends a message to a user after changing its "From" field; the user thinks the message came from a trusted person and may reply to it, and the data in that reply may be misused.
  19. 20. Defending against Spoofing. Spoofing is difficult to defend against due to the attacks being mostly passive by nature. In very targeted attacks it is very possible that you may never know that attackers have entered your system.
      • What you get is a webpage that is different from what you are expecting.
      • By using a virtual proxy generator
      • By using a login mechanism
  20. 21. ?
  21. 22. Thank You
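
The session fixation sequence from slide 15, replayed against a toy in-memory server, as an added example that is not part of the original slides. It contrasts a server that keeps the pre-login session id after authentication with one that issues a fresh id at login; `SessionStore`, `rotate_on_login` and `fixation_outcome` are hypothetical names chosen for this illustration.

```python
import secrets


class SessionStore:
    """Toy session table (illustrative): session id -> user, None = anonymous."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}

    def visit(self, cookie=None):
        """Return the session id for a request; unknown or missing ids get a new one."""
        if cookie in self.sessions:
            return cookie
        sid = secrets.token_urlsafe(32)  # ids are only ever minted by the server
        self.sessions[sid] = None
        return sid

    def login(self, cookie, user):
        """Authenticate `user` and return the id the browser must use from now on."""
        sid = self.visit(cookie)
        if self.rotate_on_login:
            del self.sessions[sid]           # the pre-login id stops existing
            sid = secrets.token_urlsafe(32)  # fresh id bound to the login
        self.sessions[sid] = user
        return sid

    def whoami(self, cookie):
        """User bound to this cookie, or None if anonymous or unknown."""
        return self.sessions.get(cookie)


def fixation_outcome(store):
    """Replay the slide's steps; return who the pre-login id resolves to afterwards."""
    planted = store.visit()                         # id issued before any login
    victim_cookie = store.login(planted, "victim")  # victim logs in carrying that id
    assert store.whoami(victim_cookie) == "victim"  # the victim's own session works
    return store.whoami(planted)                    # anyone else holding the old id


if __name__ == "__main__":
    print("id kept across login:   ", fixation_outcome(SessionStore(False)))
    print("id rotated at login:    ", fixation_outcome(SessionStore(True)))
```

Rotating the identifier at the moment of authentication is what breaks the last two steps of the slide: the cookie set before login no longer maps to any session, so holding it grants nothing.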