Common Cyber Attacks: Man-in-the-Middle (MitM) Attack

Ivery Daniels III
2 min read · Apr 25, 2021

A MitM attack happens when an intruder inserts itself into the communications between a client and a server. In the session-hijacking form of MitM attack, an attacker takes over a session between a trusted client and a network server. The attacking machine substitutes its IP address for that of the trusted client, while the server continues the session, assuming it is communicating with the trusted client.

A session hijack may unfold as follows:

  1. A client establishes a connection with a server.
  2. Control of the client passes to the attacker’s machine.
  3. The client is disconnected from the server by the attacker’s machine.
  4. The attacker’s computer spoofs the client’s sequence numbers and replaces the client’s IP address with its own.
  5. The attacker’s program continues talking to the server, and the server believes it is still talking to the client.

An attacker uses IP spoofing to persuade a system that it is dealing with a known, trusted entity, which gives the attacker access to the system. Instead of sending packets to the target server with its own IP source address, the attacker sends them with the IP source address of a known, trusted host. The packet will be accepted and acted upon by the target host.

A replay attack happens when an intruder intercepts and saves old messages and later tries to send them, impersonating one of the participants. This type of attack is easily countered by using session timestamps or a nonce (a random number or a string that changes with time). No single technology or configuration can block all MitM attacks.

Encryption and cryptographic certificates, in general, provide a powerful barrier against MitM threats, ensuring both the security and the legitimacy of correspondence. However, a man-in-the-middle attack may be inserted into the middle of a communication in such a way that encryption is rendered useless. For example, attacker “A” intercepts the public key of individual “P” and replaces it with his own public key.

Then, someone wishing to send an encrypted message to P using P’s public key inadvertently uses A’s public key. As a result, A can decrypt the message intended for P and then pass it on to P, re-encrypted with P’s true public key, and P would never know that the message was breached. A may even change the message before resending it to P. As you can see, P is relying on encryption and believes the data is secure, but because of the MitM attack it is not.
