A Man In The Middle Attack Computer Science Essay

A Man In The Middle Attack Computer Science Essay Today computer networks are used to transmit large amounts of data which may or may not contain sensitive information. Within this document I will be discussing ways in which your networks may become venerable to attacks. Man in the middle attacks, spanning tree attacks, security issues related to trunking, and security issues relating to identity spoofing. What is a Man in the middle attack? Man in the middle attack is a name given to a type of attack where the person intercepts communication being sent across a data network. This type of attack is also known as a Bucket-brigade attack, Fire brigade attack, Monkey-in-the-middle attack, Session hijacking, TCP hijacking, TCP session hijacking etc. Man in the middle attack is an attack that is usually performed on a internal network. Man in the middle attacks are where hackers introduce a rouge device onto the network then intercept communication between two network devices. This is done by sending out a series of ARP requests and ARP responses to two devices making them think that they are talking to each other. An example of a man in the middle attack would consist of two hosts, host one and host two. The hacker would connect a rouge device, host three, most likely on the same switch that both host one and two are connected to. Once that he is able to communicate on the network he would then send out ARP requests and responses to both host one and two making them believe that he is the other host. This will make host one and two re-route there connection through host three. once host one and host two are communicating between each other via the new connection established by host three, the hacker will now be able to capture packets sent between them. Once an attacker has performed a man in the middle attack, they can use this in a number of ways for example Public Key Exchanging, Command Injection, Malicious Code Injection, Downgrade Attacks etc. There are many tools available that network managers will use in order to monitor their networks. These tools can also be used from a hackers point of view as they allow the hacker to capture packets that are being sent across the network. This essentially allows the hacker to see what you are doing. The following tools are commonly used for capturing and analysing network traffic by an attacker WiresharkÂÂ ® is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It has a rich and powerful feature set and is world’s most popular tool of its kind. It runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2. http://wireshark.com Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.