2. MIDDLE MAN CHEATING
• Definition
a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters
the communications between two parties who believe they are directly communicating with each other.
One example of a MITM attack is active eavesdropping, in which the attacker makes independent
connections with the victims and relays messages between them to make them believe they are talking
directly to each other over a private connection, when in fact the entire conversation is controlled by the
attacker. The attacker must be able to intercept all relevant messages passing between the two victims
and inject new ones. This is straightforward in many circumstances; for example, an attacker within
reception range of an unencrypted wireless access point (Wi-Fi) could insert themselves as a man-in-the-
middle.
As it aims to circumvent mutual authentication, a MITM attack can succeed only when the attacker
impersonates each endpoint sufficiently well to satisfy their expectations. Most cryptographic protocols
include some form of endpoint authentication specifically to prevent MITM attacks. For example, TLS can
authenticate one or both parties using a mutually trusted certificate authority.
4. Rogue access points are set up to trick computers that automatically
connect to Wi-Fi by posing as legitimate public networks. These rogue
networks often monitor traffic and steal sensitive information.
Address resolution spoofing involves a malicious node on a local area
network posing as another machine to trick a victim into connecting to it
before passing traffic on to the legitimate node.
MDNS spoofing fools network devices into connecting to fake addresses.
mDNS is used to match names to addresses on local area networks, and
when spoofed give malicious machines access to vulnerable computers and
IoT hardware.
DNS spoofing is commonly used to trick internet users into connecting to
fake websites set up to look like real ones. This method is common in online
banking fraud and other account hijacking attacks.
THE STEPS OF THE CRIME