Man-in-the-middle Attack

In a man-in-the-middle attack, the attacker places himself between the source and destination to eavesdrop on communications, or to modify traffic before it reaches the destination.

A common example is ARP spoofing, also known as ARP poisoning.

A host sends an ARP request, asking for the MAC address of another device.

The target of the request sends an ARP reply, informing the requester of its MAC address.

The attacker waits and sends another ARP reply after the legitimate replier.

If the attacker's ARP reply arrives last, it will overwrite the legitimate ARP entry in PC1's ARP table.

In PC1's ARP table, the entry for 10.0.0.1 will have the attacker's MAC address.

When PC1 tries to send traffic to SRV1, it will be forwarded to the attacker instead.

The attacker can inspect the messages, and then forward them on to SRV1.

The attacker can also modify the messages before forwarding them to SRV1.

This compromises the Confidentiality and Integrity of communications between PC1 and SRV1.
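
The sequence above leaves a visible trace: two ARP replies for the same IP address, close together, claiming different MAC addresses. The following is an added detection example, not part of the original notes; the log format, the MAC addresses, PC1's address 10.0.0.11 and the 5-second window are constructed assumptions.

```python
import re

# Constructed sample: simplified ARP observations as seen from PC1's segment.
SAMPLE_LOG = """\
0.000 request who-has 10.0.0.1 tell 10.0.0.11
0.001 reply 10.0.0.1 is-at 02:00:00:00:00:01
0.050 reply 10.0.0.1 is-at 02:00:00:00:00:66
9.000 reply 10.0.0.11 is-at 02:00:00:00:00:11
"""

REPLY = re.compile(r"^(\d+\.\d+) reply (\S+) is-at ([0-9a-f:]{17})$")


def replay(log_text, window=5.0):
    """Replay ARP replies; return (resulting ARP table, list of rebind alerts).

    An alert is raised when a reply binds an IP to a different MAC than the
    previous reply for that IP did, within `window` seconds.
    """
    last_seen = {}  # ip -> (timestamp, mac) of the most recent reply
    alerts = []
    for line in log_text.splitlines():
        m = REPLY.match(line.strip().lower())
        if not m:
            continue  # requests and unparsable lines carry no binding
        ts, ip, mac = float(m.group(1)), m.group(2), m.group(3)
        prev = last_seen.get(ip)
        if prev and prev[1] != mac and ts - prev[0] <= window:
            alerts.append({"ip": ip, "old_mac": prev[1], "new_mac": mac,
                           "gap_s": round(ts - prev[0], 3)})
        # Mirror the cache behaviour described above: the last reply wins.
        last_seen[ip] = (ts, mac)
    table = {ip: mac for ip, (_, mac) in last_seen.items()}
    return table, alerts


if __name__ == "__main__":
    table, alerts = replay(SAMPLE_LOG)
    print("ARP table:", table)
    for a in alerts:
        print("ALERT: {ip} moved {old_mac} -> {new_mac} after {gap_s}s".format(**a))
```

A MAC change outside the window (for example a replaced network card) is not flagged, so the window trades missed slow attacks against false alarms.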
