Intercept or modify data with a MitM attack

Man in the Middle (MitM) attacks against (cryptographic or application layer) protocols allow an adversary to proxy communication between two parties, so that any data can be read or altered. The attack can be done after a session has been established, but is easier done before. After subverting the address infrastructure, any two-way SSL traffic needs to be decrypted.

  • When used for BGP session hijacking, DNS spoofing is likely not very useful, because hostnames are not used in router configurations.

Attack:

1 Gain write access to network segment of one or more peers (AND)

2 Subvert address infrastructure (AND)

2.1 IP spoofing (OR)
2.2 DNS spoofing (OR)

3 Decrypt (AND)

3.1 Spoof HTTPS (OR)
3.2 SSL BEAST (OR)
3.3 Hijack SSL (OR)

4 Proxy sessions
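
The tree above can be evaluated mechanically to see which mitigations defeat the root goal. The following Python code is an added example, not part of the original page; it assumes the "(AND)"/"(OR)" suffixes join each node with its siblings, so steps 1 to 4 are all required while the sub-steps under 2 and 3 are alternatives.

```python
from itertools import combinations

# Node = (label, gate, children); a leaf has gate None and no children.
# Labels follow the page's tree; the gate reading is an assumption (see lead-in).
TREE = ("Intercept or modify data with a MitM attack", "AND", [
    ("1 Gain write access to network segment", None, []),
    ("2 Subvert address infrastructure", "OR", [
        ("2.1 IP spoofing", None, []),
        ("2.2 DNS spoofing", None, []),
    ]),
    ("3 Decrypt", "OR", [
        ("3.1 Spoof HTTPS", None, []),
        ("3.2 SSL BEAST", None, []),
        ("3.3 Hijack SSL", None, []),
    ]),
    ("4 Proxy sessions", None, []),
])

def leaves(node):
    """Return the labels of all leaf steps under `node`, in tree order."""
    label, gate, children = node
    if gate is None:
        return [label]
    return [leaf for child in children for leaf in leaves(child)]

def feasible(node, blocked):
    """True if the goal at `node` is still reachable when `blocked` leaves are mitigated."""
    label, gate, children = node
    if gate is None:
        return label not in blocked
    results = [feasible(child, blocked) for child in children]
    return all(results) if gate == "AND" else any(results)

def minimal_cut_sets(tree):
    """Smallest sets of leaf steps whose mitigation defeats the root goal."""
    cuts = []
    all_leaves = leaves(tree)
    for size in range(1, len(all_leaves) + 1):
        for combo in combinations(all_leaves, size):
            candidate = set(combo)
            # Skip supersets of a cut already found: they are not minimal.
            if not feasible(tree, candidate) and not any(c <= candidate for c in cuts):
                cuts.append(candidate)
    return cuts

if __name__ == "__main__":
    for cut in minimal_cut_sets(TREE):
        print(sorted(cut))
```

Ruling out DNS spoofing alone, as in the BGP note above, leaves the root goal feasible because IP spoofing still satisfies step 2; an entire OR branch has to be covered before that step is cut.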


 
 
  • Last modified: 2019/11/02 11:24