My Life as an Internet Security Consultant

Tuesday, June 20, 2006

Man-in-the-middle attack (MITM)


What is a man-in-the-middle attack?

A man-in-the-middle (MITM) attack is a clever way to circumvent
encryption. The attacker sits between the two communicating
parties, with each party believing they are communicating with
the other party, but both are communicating with the attacker.
When an encrypted connection between the two parties is established,
a secret key is generated and transmitted using an asymmetric cipher.
Usually, this key is used to encrypt further communication between
the two parties. Because the key is securely transmitted and the
subsequent traffic is secured by the key, all of this traffic is
unreadable by any would-be attacker sniffing these packets.

However, in a man-in-the-middle attack, party A believes that she
is communicating with B, and party B believes he is communicating
with A, but in reality, both are communicating with the attacker.
So when A negotiates an encrypted connection with B, A is actually
opening an encrypted connection with the attacker, which means the
attacker completes the asymmetric key exchange with A and learns
the secret key. Then the attacker just needs to open another encrypted
connection with B, and B will believe that it is communicating with A.
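
The key substitution described above, and the check that defeats it, as an added example (not part of the original post): the client compares the key it receives against a fingerprint of B's key learned out of band. It uses a toy Diffie-Hellman exchange in place of the post's generic "asymmetric cipher"; the group parameters and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only
# (a 127-bit prime is far too small for real use).
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def client_connect(client_priv, received_pub, pinned_fp=None):
    """A's side: derive the session key, checking the peer key first if pinned."""
    if pinned_fp is not None and not hmac.compare_digest(
            fingerprint(received_pub), pinned_fp):
        raise ConnectionError("peer key does not match pinned fingerprint")
    return session_key(client_priv, received_pub)

def simulate(pin):
    """A connects to B while a middle party swaps in its own public key."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()  # key substituted by the party in the middle
    pinned = fingerprint(b_pub) if pin else None  # learned out of band
    try:
        key_a = client_connect(a_priv, m_pub, pinned)
    except ConnectionError:
        return "rejected"
    # Without authentication the middle party derives the same key A uses.
    return "intercepted" if key_a == session_key(m_priv, a_pub) else "secure"

if __name__ == "__main__":
    print("no verification:   ", simulate(pin=False))
    print("pinned fingerprint:", simulate(pin=True))
```
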

Yesterday, my friend, who has a simple knowledge of computers,
sent me a picture. At first look I was amazed, because
the picture is all about a MITM (man-in-the-middle) attack
example. As you can see in the picture, the username and password
are blacked out for security purposes. My friend said that it's a
SMART wi-fi connection because he is in his house. And not only
HTTPS usernames and passwords will be sniffed, but also
FTP, IMAP, POP3, SMB, TELNET, VNC, TDS, SMTP, NNTP, MSKerb5-PreAuth,
Radius-Keys, Radius-Users, ICQ, IKE-PSK, MySQL, SNMP, and SIP. If
that is true, then all SMART wi-fi subscribers are in great danger
here. Just imagine if everyone knew how to use a man-in-the-middle
attack on SMART wi-fi connections. It would be a disaster!

Does anyone know how to combat this attack?

2 Comments:

  • Hi James,

    Microsoft recently added certificate security to RDP (port 3389). This will prevent the MITM attacks!

    Thanks for visiting my website too!

    By Anonymous, at 10:49 PM

  • Yeah, we tried using MITM on the new RDP and the password cannot be sniffed. :)

    By Anonymous, at 4:00 AM
