tcp/routing question...

Joel Jaeggli joelja at darkwing.uoregon.edu
Tue Jun 7 23:40:49 UTC 2005


On Wed, 8 Jun 2005, Lai Zit Seng wrote:

> On Tue, 7 Jun 2005, Scot L. Harris wrote:
>
>> Short answer yes.  The idea of a MITM attack is that somehow the
>> attacker has inserted a system or redirected your system's traffic
>> through an intermediate system.  The middle system acts as a proxy.  It
>> can be capable of rewriting the packets going between the two systems
>> under attack.  The middle system will handshake with each of the other
>> systems and relay packets between so you won't know it is there.  At
>> that point it will collect information or can modify the packets going
>> through for whatever purpose.
>> 
>> The difficulty is in getting a system inserted into such a position.  It
>> typically requires physically inserting a system in the path unless the
>> attacker is able to mess with the end system's proxy settings and
>> redirect things that way.
>
> In practice, there are many ways to do this, so it's actually not terribly 
> difficult. E.g. one could subvert the DNS so that the client unwittingly 
> connects to the wrong server.

Route injection, address space hijack, ARP spoofing (i.e. masquerading as 
the gateway or the host) on either end's edge network, etc...

> Regards
>
> .lzs
> --
> http://zitseng.com/
>
>

-- 
--------------------------------------------------------------------------
Joel Jaeggli  	       Unix Consulting 	       joelja at darkwing.uoregon.edu
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
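
A defensive check for the ARP-spoofing case named in the reply above, as an added example that is not part of the original thread: it parses a Linux `/proc/net/arp` table and flags a gateway whose MAC differs from a pinned value or is shared with another IP. The function names, the sample table and the pinned MAC are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in /proc/net/arp format (not captured from a real host).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:16:3e:aa:bb:cc     *        eth0
192.168.1.23     0x1         0x2         00:16:3e:aa:bb:cc     *        eth0
192.168.1.40     0x1         0x2         00:16:3e:11:22:33     *        eth0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def parse_arp(text):
    """Return (ip, mac, device) for resolved entries only."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw, flags, mac, _mask, dev = fields
        if int(flags, 16) & 0x2:                # ATF_COM: entry is complete
            entries.append((ip, mac.lower(), dev))
    return entries

def find_suspects(text, gateway_ip, pinned_gateway_mac=None):
    """Flag ARP states consistent with one host masquerading as another."""
    findings = []
    by_mac = defaultdict(set)
    for ip, mac, dev in parse_arp(text):
        by_mac[(dev, mac)].add(ip)
        # Gateway answers with a MAC other than the one recorded earlier.
        if ip == gateway_ip and pinned_gateway_mac \
                and mac != pinned_gateway_mac.lower():
            findings.append(("gateway-mac-changed", ip, mac))
    # One MAC claiming several IPs on the same interface.
    for (dev, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:
            kind = "gateway-mac-shared" if gateway_ip in ips else "mac-shared"
            findings.append((kind, ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    # Pinned MAC is a constructed baseline value.
    for finding in find_suspects(SAMPLE_ARP, "192.168.1.1", "00:16:3e:de:ad:01"):
        print(finding)
```

A shared MAC is not proof on its own, since proxy ARP and multi-homed hosts produce it legitimately; the pinned-gateway comparison is the stronger signal.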



