tcp/routing question...

Scot L. Harris webid at cfl.rr.com
Wed Jun 8 02:00:48 UTC 2005


On Tue, 2005-06-07 at 19:34, Lai Zit Seng wrote:
> On Tue, 7 Jun 2005, Scot L. Harris wrote:
> 
> > Short answer yes.  The idea of a MITM attack is that somehow the
> > attacker has inserted a system or redirected your system's traffic
> > through an intermediate system.  The middle system acts as a proxy.  It
> > can be capable of rewriting the packets going between the two systems
> > under attack.  The middle system will handshake with each of the other
> > systems and relay packets between so you won't know it is there.  At
> > that point it will collect information or can modify the packets going
> > through for whatever purpose.
> >
> > The difficulty is in getting a system inserted into such a position.  It
> > typically requires physically inserting a system in the path unless the
> > attacker is able to mess with the end systems' proxy settings and
> > redirect things that way.
> 
> In practice, there are many ways to do this, so it's actually not terribly 
> difficult. E.g. one could subvert the DNS so that the client 
> unwittingly connects to the wrong server.

Agreed there are several different ways to attempt a man in the middle
attack.  None of them are what I would call easy to do.  :)

There are much easier ways to attempt to break into systems.

And as others have pointed out, proper use of certificates and encryption
mitigates the risk of such attacks.

The more likely vectors for attacks are inside personnel and poor
security procedures (bad passwords, sloppy firewall rules, etc.).

-- 
Scot L. Harris
webid at cfl.rr.com

Cleanliness is next to impossible. 
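The point made in this thread, that a subverted DNS answer sends the client to the wrong server but that certificate checking catches it, can be shown with a small added example that is not part of the original mailing-list post. The certificate dictionaries below are constructed to mirror the shape of `ssl.SSLSocket.getpeercert()`; the host name `mail.example.com` and the certificate contents are assumptions for illustration. The `hostname_matches` function is a simplified re-implementation of the check that Python's `ssl` module (via OpenSSL) performs automatically when `check_hostname` is enabled; it is here so the reader can see why a server that answers for the wrong name fails verification.

```python
import ssl


def _pattern_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name (possibly '*.example.com') against a host.

    Only a whole leftmost label may be a wildcard, and it never matches the
    bare domain or more than one label, which is the usual browser rule.
    """
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """Return True if `cert` (a getpeercert()-style dict) is valid for `hostname`.

    Subject Alternative Names take precedence; the subject commonName is only
    consulted for legacy certificates that carry no SAN extension.
    """
    hostname = hostname.lower().rstrip(".")
    names = [v.lower() for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value.lower())
    return any(_pattern_matches(n, hostname) for n in names)


def make_verified_context() -> ssl.SSLContext:
    """Client-side TLS context that refuses unverified or misnamed peers.

    create_default_context() already enables both settings; they are set
    explicitly so that a later ctx.check_hostname = False stands out in review.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


# Constructed sample data (not real certificates).
EXPECTED_HOST = "mail.example.com"

# What the genuine server would present.
GENUINE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.com")),
}

# What a host reached through a poisoned DNS answer can present: a cert it
# actually holds, issued for its own name, not for the one the client typed.
WRONG_SERVER_CERT = {
    "subject": ((("commonName", "www.example.net"),),),
    "subjectAltName": (("DNS", "www.example.net"),),
}


def classify(cert: dict, hostname: str) -> str:
    """Label a presented certificate for a log line or alert."""
    return "ok" if hostname_matches(cert, hostname) else "NAME MISMATCH"


if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE_CERT), ("redirected", WRONG_SERVER_CERT)):
        print(f"{label:>10}: {classify(cert, EXPECTED_HOST)}")
```

Hostname matching alone is only half of the check; the chain must also be signed by a trusted CA, which is what `verify_mode = CERT_REQUIRED` enforces, otherwise anyone could mint a self-signed certificate bearing the expected name.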




More information about the fedora-list mailing list