With the advancement of technology, the cyber world has grown in parallel, resulting in a wide variety of cyber attacks. One of the most popular and commonly used attack types is the Man-In-The-Middle (MITM) attack.
In a Man-In-The-Middle attack, the communication between two parties is intercepted with the intention of eavesdropping on it, capturing sensitive data, disrupting the exchange between the two parties, or manipulating the communication through various methods.
Public Wi-Fi networks, often found in cafes and restaurants, are particularly vulnerable environments for MITM attacks. In such shared access points, attackers can redirect all network traffic through their own devices. This allows them to easily capture personal information, passwords, and even bank account details. Therefore, discontinuing the use of public Wi-Fi networks is one of the simple precautions to protect oneself from this type of attack.
MITM attacks involve the attacker inserting themselves between the target and the network elements to perform actions such as eavesdropping and information theft. There are multiple methods for executing these attacks, and some of them include:
1. Attacks conducted over the local network:
- DNS Spoofing: Manipulating or adding entries in a DNS server’s cache, so that network traffic is redirected to other computers.
- ARP Poisoning: The attacker sends forged ARP replies that answer for the target’s IP address with the attacker’s own MAC address. Hosts on the network update their ARP caches accordingly, so packets meant for the target are sent to the attacker. By binding their MAC address to the target device’s address in this way, the attacker causes all network traffic to pass through them.
- STP Mangling: An attack that disrupts the operation of the Spanning Tree Protocol (STP) by constantly sending topology change requests.
- Port Stealing: The attacker sends a forged ARP frame that uses the target server’s MAC address as the source address. This tricks the switch into believing that the target computer is connected to the attacker’s port, so all data for the target is forwarded to the attacker’s switch port.
2. Attacks conducted from the local network to the remote network via the Gateway:
- IRDP Spoofing
- DNS Spoofing
- ARP Spoofing
- ICMP Redirection
- Route Mangling
- DHCP Spoofing
3. Attacks conducted from the remote network:
- Route Mangling
- Traffic Tunnelling
- DNS Poisoning
As the list shows, MITM attacks can be carried out through a variety of local and remote means. One simple measure to mitigate this type of attack is implementing strong authentication. Detecting MITM attacks can be challenging, so it is advisable to seek assistance from cyber security experts or firms with expertise in this field.
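The ARP Poisoning entry above describes an attacker answering for another host’s IP address with their own MAC address. The following is an added example (not part of the original article) of the detection logic a defender can run over observed ARP replies: it flags an IP address whose MAC changes and a single MAC that claims several IP addresses. The sample replies, IP and MAC values are constructed for the example.

```python
"""Detect ARP poisoning indicators in a sequence of observed ARP replies.

Added example with constructed data; the (sender_ip, sender_mac) tuple
layout is an assumption of this example, not a real capture format.
"""
from collections import defaultdict

# Constructed ARP replies in the order a LAN host would observe them.
# The gateway legitimately answers for 192.168.1.1; later a second MAC
# (the attacker, assumed) claims both the gateway and the victim IP.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway, legitimate
    ("192.168.1.20", "aa:bb:cc:00:00:20"),  # victim, legitimate
    ("192.168.1.50", "de:ad:be:ef:00:50"),  # attacker's own address
    ("192.168.1.1", "de:ad:be:ef:00:50"),   # same MAC claims gateway IP
    ("192.168.1.20", "de:ad:be:ef:00:50"),  # same MAC claims victim IP
]


def analyze_arp(replies):
    """Return a list of alert strings describing poisoning indicators.

    Two indicators are checked:
      * an IP address whose sender MAC changes between replies
        (the classic cache-poisoning signature);
      * one MAC address claiming more than one IP address, which is
        how a host inserts itself between two other parties.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"MAC change for {ip}: {previous} -> {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append(f"{mac} claims {len(ips)} IPs: {sorted(ips)}")
    return alerts


if __name__ == "__main__":
    for line in analyze_arp(SAMPLE_ARP_REPLIES):
        print("ALERT:", line)
```

A MAC change on its own can also follow a legitimate DHCP reassignment, so the two indicators together are a stronger signal than either alone.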