Man-In-The-Middle Attacks
Man-in-the-middle attacks cover situations in which the attacker is able to intercept packets that are crossing a network, modify or falsify the information in those packets, and then reinject the modified packets into the network. These attacks can be used to capture sensitive information, hijack ongoing sessions, cause denial-of-service (DoS) conditions, corrupt transmitted data, or introduce new, typically false, information into network sessions.

An example of a man-in-the-middle attack is shown in Figure 7-1. Here, the attacker intercepts and establishes a communication link with the web server client on the left in step 1. This can be done by spoofing the IP address of the real web server, WWW, in the client's DNS server in Figure 7-1. When the client queries the DNS server for the IP address of the web server, WWW, the DNS server responds with the IP address of the attacker's host. The attacker's host is running a web server with web pages that are identical, or nearly identical, to the web pages on the real web server, WWW. The client connects to the attacker's web server and inputs their information, as shown in step 2. The attacker's host then connects to the real web server, WWW, establishes a connection, and relays the client information to the server in step 3. The response from the server is then relayed back to the client system in steps 4 and 5.
Figure 7-1. Man-In-The-Middle Attack
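The DNS-spoofing step that starts the attack in Figure 7-1 leaves a trace a defender can check for: once the client's DNS server has been seeded with the attacker's address, its answers for WWW stop matching an independent resolver or the organization's own inventory of known-good addresses. The following Python detector is an added example, not code from the book; the resolver log format, host names and addresses are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed resolver log (not from the book). Assumed line format:
#   <timestamp> <client_ip> query <name> -> <answer_ip> via <resolver_ip>
# 10.0.0.2 is the client's local DNS server; 198.51.100.53 is an independent
# resolver queried for comparison. The third line shows the local server
# returning a different address for www.example.test.
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.5 query www.example.test -> 203.0.113.10 via 10.0.0.2
2024-05-01T10:00:02 10.0.0.5 query www.example.test -> 203.0.113.10 via 198.51.100.53
2024-05-01T10:05:10 10.0.0.7 query www.example.test -> 192.0.2.66 via 10.0.0.2
2024-05-01T10:05:11 10.0.0.7 query www.example.test -> 203.0.113.10 via 198.51.100.53
2024-05-01T10:06:00 10.0.0.7 query mail.example.test -> 203.0.113.25 via 10.0.0.2
"""

LINE_RE = re.compile(r"^(\S+) (\S+) query (\S+) -> (\S+) via (\S+)$")

# Assumed inventory of hosts whose addresses the organization pins.
PINNED = {"www.example.test": {"203.0.113.10"}}


def parse(log):
    """Yield one record per well-formed log line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield dict(zip(("ts", "client", "name", "answer", "resolver"), m.groups()))


def detect_spoofed_answers(log, pinned=PINNED):
    """Return findings of two kinds:
    ("pin-mismatch", name, answer, resolver, ts)  -> answer outside the allowlist
    ("resolver-disagreement", name, [answers])   -> resolvers gave different answers
    """
    findings = []
    seen = defaultdict(dict)  # name -> resolver -> set of answers observed
    for rec in parse(log):
        allowed = pinned.get(rec["name"])
        if allowed is not None and rec["answer"] not in allowed:
            findings.append(("pin-mismatch", rec["name"], rec["answer"],
                             rec["resolver"], rec["ts"]))
        seen[rec["name"]].setdefault(rec["resolver"], set()).add(rec["answer"])
    for name, by_resolver in seen.items():
        answer_sets = list(by_resolver.values())
        if len(answer_sets) > 1 and any(s != answer_sets[0] for s in answer_sets[1:]):
            findings.append(("resolver-disagreement", name,
                             sorted(set().union(*answer_sets))))
    return findings
```

Run against a real resolver's query log, the pin-mismatch check needs the inventory kept current, while the resolver-disagreement check works with no inventory at all as long as a second, independently reachable resolver is queried for the same names.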
