MITM/Wired: Difference between revisions
From charlesreid1
No edit summary |
| Line 1: | Line 1: | ||
Man in the middle attacks on wired networks. | |||
=Wired Networks= | =Wired Networks= | ||
On wired networks, we have a couple of different ways the network can be configured. | |||
==Network Neighbor== | ==Network Near Neighbor== | ||
The first scenario is that the attacker is a near-neighbor of the target. This means the attacker and the sheep that is the target of the attack are both connected directly to a router or network switch (see diagram below). | |||
[[Man in the Middle/Wired/ARP Poisoning]] - an ARP poisoning attack works in this case. | |||
<pre> | <pre> | ||
| Line 23: | Line 23: | ||
==Network Tap== | ==Network Tap== | ||
The network tap scenario is one in which the attacker must have physical access to the wired network. They are physically conducting a man-in-the-middle attack by using two network devices, one connected to the sheep, one connected to the gateway, '' | |||
See [[Man in the Middle/Wired/Network Tap]] page | See [[Man in the Middle/Wired/Network Tap]] page | ||
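Review bot: the paragraph added under ==Network Tap== stops mid-sentence at "one connected to the gateway," and is followed by an opening '' that has no closing pair, so the sentence is incomplete and the italic markup is unbalanced. Finish the clause (or end the sentence at "gateway.") and remove or close the ''.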
| Line 38: | Line 40: | ||
</pre> | </pre> | ||
==Other Attacks== | |||
[[Man in the Middle/Wired/Port Stealing]] | |||
[[Man in the Middle/Wired/DHCP Spoofing]] | |||
[[Man in the Middle/Wired/NDP Poisoning]] | |||
=Tools= | =Tools= | ||
Revision as of 16:54, 29 August 2015
Man in the middle attacks on wired networks.
Wired Networks
On wired networks, we have a couple of different ways the network can be configured.
Network Near Neighbor
The first scenario is that the attacker is a near-neighbor of the target. This means the attacker and the sheep that is the target of the attack are both connected directly to a router or network switch (see diagram below).
Man in the Middle/Wired/ARP Poisoning - an ARP poisoning attack works in this case.
+----[Target computer]
|
|  +---[Attack computer]
|  |
|  |
[Router]
In this configuration, the man-in-the-middle attack proceeds by ARP spoofing, in which the attacker changes the router/network switch table that maps MAC addresses to IP addresses. This allows the attacker to send and receive traffic and pass it through to another computer on the network (the target).
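From the defender's side, the table change described above shows up as an IP address suddenly answering from a different MAC address. The following is an added example, not part of the original wiki page: a small detector run over constructed ARP observations. The addresses, the function name `detect_arp_spoofing`, and the assumption that the first binding seen for an IP is the legitimate one are all illustrative.

```python
"""Flag ARP binding changes consistent with ARP spoofing (added example)."""
from collections import defaultdict

# Constructed sample: ARP replies seen on the segment as (seconds, sender IP, sender MAC).
SAMPLE = [
    (0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),    # router
    (1, "192.168.1.20", "aa:aa:aa:aa:aa:20"),   # target
    (2, "192.168.1.66", "aa:aa:aa:aa:aa:66"),   # third host on the same switch
    (30, "192.168.1.1", "aa:aa:aa:aa:aa:66"),   # router IP now answered by the third host's MAC
    (31, "192.168.1.20", "aa:aa:aa:aa:aa:66"),  # target IP answered by that same MAC
    (60, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # genuine router reply again
]


def detect_arp_spoofing(observations, gateway_ip):
    """Return (time, kind, detail) alerts.

    'binding-changed': an IP appears with a MAC other than the one first learned
    (assumption: the first binding seen is legitimate; a DHCP lease handed to a
    new device will also trigger this and needs manual review).
    'mac-claims-gateway': a MAC that already owns another IP answers for the gateway.
    """
    first_mac = {}                  # ip -> MAC first learned for it
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed so far
    alerts = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        known = first_mac.setdefault(ip, mac)
        if mac != known:
            alerts.append((ts, "binding-changed", f"{ip}: {known} -> {mac}"))
        ips_by_mac[mac].add(ip)
        others = sorted(ips_by_mac[mac] - {ip})
        if ip == gateway_ip and others:
            alerts.append((ts, "mac-claims-gateway", f"{mac} also claims {others}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE, "192.168.1.1"):
        print(alert)
```
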
Network Tap
The network tap scenario is one in which the attacker must have physical access to the wired network. They are physically conducting a man-in-the-middle attack by using two network devices, one connected to the sheep, one connected to the gateway,
See Man in the Middle/Wired/Network Tap page
In the network tap setup, the attacker physically sits between the sheep and the network router or network switch:
+--------[Target computer]
|
|
[ Attack computer ]
|
|
[Router]
Other Attacks
Man in the Middle/Wired/Port Stealing
Man in the Middle/Wired/DHCP Spoofing
Man in the Middle/Wired/NDP Poisoning
Tools
Ettercap - for setting up and executing a man in the middle attack via ARP cache poisoning (among other methods)
Wireshark - for viewing packets and plaintext HTTP traffic during a man in the middle session
Driftnet - for viewing images during a man in the middle session
Monkey in the middle attacks: attacks in which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.