Man in the Middle Attacks
by
David Schlecht
The Attack
A man-in-the-middle attack is a type of attack where you think you’re connected to your bank’s web site but are in fact connected to an attacker’s site, while the attacker mirrors all your activity on the real bank site.
This is typically a real-time attack: the information you send to the fake bank site is used to connect to the actual bank site and withdraw money. It has to happen in real time because your login at the real bank site might be using a temporary password that will expire at the end of the current session. This also means that by the time you find out about the break-in, it’s too late to stop it.
These attacks are most easily carried out by spoofing the answers to the victim’s DNS queries.
If you use your laptop to connect to the wireless networks at hotels or airports, you’re at risk of connecting to the wrong site. If you connect to an attacker’s WiFi, then you are using his DNS server.
I’ve even known people who connect to any open wireless network available. This is a sure way to get caught with a man-in-the-middle attack.
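One way to notice a resolver that is handing out the wrong address, shown as an added example that is not part of the original article: compare what the network's DNS server returns against address prefixes recorded earlier on a trusted network. The hostname bank.example, the baseline prefixes and the sample answers are constructed placeholders, and a mismatch is a reason to stop and check rather than proof of an attack, since large sites change addresses.

```python
import ipaddress
import socket

# Constructed baseline: prefixes seen for each hostname from a trusted network.
# "bank.example" and the RFC 5737 documentation prefix are placeholders.
BASELINE = {"bank.example": [ipaddress.ip_network("198.51.100.0/24")]}

# Ranges a public site should never resolve to (RFC 1918, loopback, link-local).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

OK, NON_PUBLIC, OFF_BASELINE, NO_BASELINE = (
    "ok", "non-routable address", "outside recorded prefixes", "no baseline")


def classify_answers(hostname, answers, baseline=BASELINE):
    """Label each address a resolver returned for hostname."""
    expected = baseline.get(hostname.lower().rstrip("."))
    verdicts = []
    for text in answers:
        addr = ipaddress.ip_address(text)
        if any(addr in net for net in NON_ROUTABLE):
            verdicts.append((text, NON_PUBLIC))
        elif expected is None:
            verdicts.append((text, NO_BASELINE))
        elif any(addr in net for net in expected):
            verdicts.append((text, OK))
        else:
            verdicts.append((text, OFF_BASELINE))
    return verdicts


def resolution_matches_baseline(hostname, answers, baseline=BASELINE):
    """True only if the resolver answered and every address is expected."""
    verdicts = classify_answers(hostname, answers, baseline)
    return bool(verdicts) and all(v == OK for _, v in verdicts)


def resolve_with_network_dns(hostname):
    """Ask the resolver this network handed out (e.g. via DHCP on hotel WiFi)."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    # Constructed answers: one as recorded, two as a spoofing resolver might give.
    for answers in (["198.51.100.10"], ["192.168.1.1"], ["203.0.113.5"]):
        print(answers, classify_answers("bank.example", answers))
```

On a live network, pass the output of resolve_with_network_dns() to resolution_matches_baseline() before logging in.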
Solution
The best solution to this type of attack is education. You should have your employees trained on this and the numerous other vectors of attack. Contact us and set up some training.