A man-in-the-middle (MITM) attack is carried out by intruders who manage to position themselves between two legitimate hosts. The attacker may allow normal communication between the hosts to occur, but manipulates the conversation between the two.
There are many ways an attacker can get into position between two hosts. A very good example is the transparent proxy. The attacker preys on victims by sending a phishing email or by defacing a legitimate website.
When the victim loads the URL of a defaced webpage, the attacker's URL is added to the front of it.
For example, say http://www.ocbtc.com/ is a legitimate URL. When the website's URL is hacked, it becomes http://www.theattacker.com/http://www.ocbtc.com/
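The prefixed-URL pattern above can be looked for in proxy or web-server logs. The following is an added example, not code from the original page: it flags requested URLs that wrap an absolute URL for a different host, including percent-encoded forms. The function names, the `allow` set and the sample URLs other than the one quoted in the text are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# An absolute http(s) URL appearing after the outer host; group 1 is its host.
# "/{1,2}" also catches "http:/host", left when a server collapses "//".
EMBEDDED = re.compile(r"https?:/{1,2}(?:[^/\s@]*@)?([a-z0-9.-]+)", re.I)

def embedded_target(url, allow=frozenset()):
    """Return (outer_host, inner_host) when url wraps an absolute URL for a
    different host in its path or query, else None. `allow` is a hypothetical
    set of outer hosts known to wrap URLs legitimately (archives, redirectors)."""
    try:
        outer = urlsplit(url)
        host = outer.hostname
    except ValueError:              # malformed log entry, nothing to compare
        return None
    if outer.scheme not in ("http", "https") or not host:
        return None
    rest = outer.path + ("?" + outer.query if outer.query else "")
    for _ in range(2):              # decode twice to see double-encoded forms
        rest = unquote(rest)
    m = EMBEDDED.search(rest)
    if m is None:
        return None
    inner_host = m.group(1).lower().strip(".")
    if not inner_host or inner_host == host or host in allow:
        return None
    return host, inner_host

def flag_requests(urls, allow=frozenset()):
    """Scan requested URLs (e.g. from proxy logs) and return the flagged ones."""
    hits = []
    for u in urls:
        found = embedded_target(u, allow)
        if found:
            hits.append((u, *found))
    return hits

# Constructed sample input; the first URL is the example from the text.
SAMPLE = [
    "http://www.theattacker.com/http://www.ocbtc.com/",
    "http://www.ocbtc.com/",
    "http://www.theattacker.com/http%3A%2F%2Fwww.ocbtc.com%2Flogin",
    "http://www.ocbtc.com/go?next=http://www.ocbtc.com/home",
    "https://archive.example/web/http://www.ocbtc.com/",
]

if __name__ == "__main__":
    for url, outer, inner in flag_requests(SAMPLE, allow={"archive.example"}):
        print(f"{outer} is wrapping requests for {inner}: {url}")
```

A same-host redirect parameter is not flagged, and hosts that wrap URLs by design need to be placed in the allow set to keep the output reviewable.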
If an intruder manages to get into a strategic position, they can steal information, take control of an ongoing session to gain access to private network resources, conduct DoS attacks, corrupt transmitted data, or introduce new information into network sessions.
- 1. When a victim requests a webpage, the victim's host makes the request to the attacker's host.
- 2. The attacker's host receives the request and fetches the real page from the legitimate website.
- 3. The attacker can alter the legitimate webpage and apply any transformations they want to the data.
- 4. The attacker forwards the requested page to the victim.
One way to control man-in-the-middle (MITM) attacks is to use VPN tunnels, which allow the attacker to see only encrypted, unreadable text. These can be especially useful in Wide Area Networks.
In Local Area Networks, attackers use hacking tools and techniques such as ettercap and ARP poisoning. One way to control this type of attack is to configure port security on LAN switches.