tcp/routing question...
Joel Jaeggli
joelja at darkwing.uoregon.edu
Tue Jun 7 23:40:49 UTC 2005
On Wed, 8 Jun 2005, Lai Zit Seng wrote:
> On Tue, 7 Jun 2005, Scot L. Harris wrote:
>
>> Short answer yes. The idea of a MITM attack is that somehow the
>> attacker has inserted a system or redirected your system's traffic
>> through an intermediate system. The middle system acts as a proxy. It
>> can be capable of rewriting the packets going between the two systems
>> under attack. The middle system will handshake with each of the other
>> systems and relay packets between so you won't know it is there. At
>> that point it will collect information or can modify the packets going
>> through for whatever purpose.
>>
>> The difficulty is in getting a system inserted into such a position. It
>> typically requires physically inserting a system in the path unless the
>> attacker is able to mess with the end system's proxy settings and
>> redirect things that way.
>
> In practice, there are many ways to do this, so it's actually not terribly
> difficult. E.g. one could subvert the DNS so that the client unwittingly
> connects to the wrong server.
route injection, address space hijack, ARP spoofing (i.e. masquerading as
the gateway or the host) on either end's edge network, etc...
> Regards
>
> .lzs
> --
> http://zitseng.com/
>
>
--
--------------------------------------------------------------------------
Joel Jaeggli Unix Consulting joelja at darkwing.uoregon.edu
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2