20-02-2017, 11:37 AM
In computer security, a man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe that they are communicating directly with each other. Man-in-the-middle attacks can be thought about through a chess analogy. Mallory, who barely knows how to play chess, claims she can play two grandmasters simultaneously and either win one game or draw both. She waits for the first grandmaster to make a move and then makes this same move against the second grandmaster. When the second grandmaster responds, Mallory makes the same move against the first. She plays the whole game this way and cannot lose using this strategy unless she runs into time trouble because of the slight delay in relaying the moves.
A man-in-the-middle attack can be used against many protocols. One example of a man-in-the-middle attack is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe that they are talking directly to each other over a private connection, when in fact the whole conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is simple in many circumstances; for example, an attacker within reception range of a wireless access point can insert themselves as a man in the middle.
As an attack that aims to circumvent mutual authentication, or the lack thereof, a man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other, as expected from the legitimate endpoint. All protocols include some form of endpoint authentication specifically to prevent such attacks. For example, one or both parties can be authenticated using a mutually trusted certificate authority.
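Added example, not part of the original post: assuming TLS as the protocol and Python's standard `ssl` module, this audits whether a context actually performs the endpoint authentication described above, for one party (client verifies server) and for both parties (server also requires a client certificate). All function names are hypothetical.

```python
import ssl


def mitm_exposure(ctx):
    """List the reasons a client context would accept an impersonated endpoint."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not validated against a trusted CA")
    if not ctx.check_hostname:
        findings.append("certificate is not matched to the requested hostname")
    return findings


def weak_client_context():
    """Context with endpoint authentication switched off (the setting to look for)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, including a relay's, is accepted
    return ctx


def hardened_client_context():
    """Context that authenticates the server through the trusted CA store."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname enabled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def server_context(require_client_cert):
    """Server context; optionally demands a client certificate as well."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def authenticates_both_parties(server_ctx):
    """True when the server side also verifies the client (mutual authentication)."""
    return server_ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, mitm_exposure(ctx) or "endpoint authentication enforced")
    print("mutual auth:", authenticates_both_parties(server_context(True)))
```
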