background preloader

Man-in-the-middle attack

Man-in-the-middle attack
In cryptography and computer security, a man-in-the-middle attack (often abbreviated to MITM, MitM, MIM, MiM or MITMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle.[1] Example of an attack[edit] Illustration of man-in-the-middle attack. Suppose Alice wishes to communicate with Bob. 1.

Network packet Formatted unit of data carried by a packet-switched network Terminology[edit] Architecture[edit] The basis of the packet concept is the postal letter: the header is like the envelope, the payload is the entire content inside the envelope, and the footer would be your signature at the bottom.[3] Network design can achieve two major results by using packets: error detection and multiple host addressing.[4] Framing[edit] Communications protocols use various conventions for distinguishing the elements of a packet and for formatting the user data. Contents[edit] A packet may contain any of the following components: Addresses The routing of network packets requires two network addresses, the source address of the sending host, and the destination address of the receiving host. Error detection and correction Error detection and correction is performed at various layers in the protocol stack. At the transmitter, the calculation is performed before the packet is sent. Hop limit Length Protocol identifier

Internet Protocol Communication protocol that allows connections between networks The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. IP was the connectionless datagram service in the original Transmission Control Program introduced by Vint Cerf and Bob Kahn in 1974, which was complemented by a connection-oriented service that became the basis for the Transmission Control Protocol (TCP). The Internet protocol suite is therefore often referred to as TCP/IP. The first major version of IP, Internet Protocol Version 4 (IPv4), is the dominant protocol of the Internet. Function[edit] Version history[edit] IP versions 1 to 3 were experimental versions, designed between 1973 and 1978.[5] The following Internet Experiment Note (IEN) documents describe version 3 of the Internet Protocol, prior to the modern version of IPv4:

Computer network Network that allows computers to share resources and communicate with each other History Computer networking may be considered a branch of computer science, computer engineering, and telecommunications, since it relies on the theoretical and practical application of the related disciplines. Computer networking was influenced by a wide array of technological developments and historical milestones. Use Computer networks enhance how we communicate with each other by using various electronic methods like email, instant messaging, online chat, voice and video calls, and video conferencing. Network packet Most modern computer networks use protocols based on packet-mode transmission. The physical link technologies of packet networks typically limit the size of packets to a certain maximum transmission unit (MTU). Network topology Common topologies are: The physical layout of the nodes in a network may not necessarily reflect the network topology. Overlay network Network links Wired Wireless Routers

Spoofing attack In the context of information security, and especially network security, a spoofing attack is a situation in which a person or program successfully masquerades as another by falsifying data, to gain an illegitimate advantage. Spoofing and TCP/IP[edit] Referrer spoofing[edit] Some websites, especially pornographic paysites, allow access to their materials only from certain approved (login-) pages. This is enforced by checking the referrer header of the HTTP request. Poisoning of file-sharing networks[edit] Caller ID spoofing[edit] Public telephone networks often provide caller ID information, which includes the caller's number and sometimes the caller’s name, with each call. E-mail address spoofing[edit] E-mail address spoofing is done in quite the same way as writing a forged return address using snail mail. GPS spoofing[edit] Russian GPS spoofing[edit] GPS Spoofing with SDR[edit] Preventing GPS spoofing[edit] There are different ways to prevent GPS spoofing. Obscure antennas. See also[edit]

Related: