Thread: man in the middle attacks

  1. #1
    Junior Member
    Join Date
    May 2002

    man in the middle attacks

    Hi all.
    Does anybody know where I can find some information on this kind of attack?
    I have heard that DNS spoofing has something to do with this subject.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA
    Depends on the environment you are working in. You might not need to use DNS Spoofing. Google is a very powerful search engine and that's usually a good place to start to learn how attacks are done. SANS has some pretty good white papers in their Reading Room (RR). http://www.sans.org/rr/threats/address.php

    Hope this helps.

    You also might want to try out the tool I covered in the AO Newsletter #6 on your home LAN. It should give you an idea of what an Admin might be facing with MITM type of attacks.

  3. #3
    Junior Member
    Join Date
    May 2002

  4. #4
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Hello freestyler.

    Check out what I found for you.

    The man in the middle forgery attack depends on being able to carry out a complete conversation while claiming to be the trusted host. In order to do this, the attacking machine needs to be able to not only send you packets, but also intercept the packets you reply with. To do this, the attacker needs to do one of the following:

    • Insinuate the attacking machine into the path between you and the real machine. This is easiest to do near the ends of the path, and most difficult to do somewhere in the middle, because given the nature of modern IP networks, the path through "the middle" can change at any second.
    • Alter the path between the machines so it leads through the attacking machine. This may be very easy or very difficult, depending on the network topology and routing system used by your network, the remote network, and the Internet service providers between those networks.

    Although this kind of attack is called "man in the middle", it's relatively rare for it to actually be carried out in the middle (external to the sites at each end) because nobody but a network provider is in a position to carry it out in that way, and network providers are rarely compromised to that extent. (People who compromise network providers tend to be working on quantity. Packet sniffing will give them many hosts rapidly, but man in the middle attacks give them only one site at a time.) These attacks tend to be problems only if one of the involved sites has hostile users who have physical access to the network (for example, this might be the case if one site is a university).
    This information was taken from:

    O'Reilly's Building Internet Firewalls, 2nd Edition
    by Elizabeth D. Zwicky, Simon Cooper and D. Brent Chapman
    ISBN: 1-56592-871-7
    Second edition, published June 2000.

    I hope this helps you.


  5. #5
    Senior Member
    Join Date
    May 2002
    Don't know if this is what you are chasing, but there is a write-up on DNS Cache Poisoning here:


    There are also a few reference links off this article.
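The thread mentions DNS spoofing and cache poisoning as the usual way to get "in the middle" without being on the path. As an added example (not from any poster or the cited book), the script below shows the resolver-side check that rejects a forged reply that was not seen by an on-path attacker: the response's transaction ID and question section must match the query that is actually outstanding. The packet layout is constructed inline and the pending-query record is an assumed bookkeeping structure.

```python
import struct

def encode_name(name):
    """DNS wire-format name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(txid, name, qtype=1, rdata=b"\x5d\xb8\xd8\x22"):
    """Constructed sample reply: QR=1, one question, one A record answer."""
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack(">HH", qtype, 1)
    # 0xC00C is a compression pointer back to the question name at offset 12
    answer = b"\xc0\x0c" + struct.pack(">HHIH", qtype, 1, 300, len(rdata)) + rdata
    return header + question + answer

def decode_name(pkt, off):
    """Read a wire-format name (following compression pointers) at offset off."""
    labels = []
    while True:
        ln = pkt[off]
        if ln == 0:
            return ".".join(labels), off + 1
        if ln & 0xC0 == 0xC0:
            ptr = struct.unpack(">H", pkt[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(pkt, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        labels.append(pkt[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln

def parse_response(pkt):
    """Return the header ID, QR flag and the single question of a DNS reply."""
    txid, flags, qdcount, _, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question section")
    qname, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack(">HH", pkt[off:off + 4])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "qname": qname.lower(), "qtype": qtype, "qclass": qclass}

def accept_response(pending, pkt):
    """pending (assumed structure): id/qname/qtype/qclass of the query we sent.
    A reply is accepted only if every field matches; anything else is dropped."""
    r = parse_response(pkt)
    return (r["is_response"] and r["id"] == pending["id"]
            and r["qname"] == pending["qname"].lower()
            and r["qtype"] == pending["qtype"] and r["qclass"] == pending["qclass"])
```

This only defeats a forger who never saw the query; an attacker already on the path (the case the book quote describes) can copy the ID, which is why signed responses rather than ID matching are the real fix there.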
