Re: Understanding Man-In-The-Middle Attacks

[Dan Crowley <dcrowley () coresecurity com>]

To clarify, this is only showing how to use tools to execute an ARP
spoofing attack. There are other methods to launch a man-in-the-middle
attack such as DNS spoofing. It's even possible to launch a physical
MitM attack! One of my favorite examples of MitM attacks is the
Aspidistra radio station used in a MitM attack during World War II.

For information about what a MitM attack is in general as well as other
examples, take a look at
http://en.wikipedia.org/wiki/Man-in-the-middle_attack.
--
Daniel Crowley, CICP, GCIH
Technical Specialist
Core Security Technologies
Direct: +1 (617) 695-1151
Fax: +1 (617) 399-6987

"All the forces in the world are not so powerful as an idea whose time
has come." - Victor Hugo


On 11/2/2010 5:09 PM, Adam Behnke wrote:
> Hi everyone, a few instructors here at InfoSec Institute have put together a
> short presentation and video tutorial on how to perform a Man-In-The-Middle
> (MitM) attack. You can view the presentation that diagrams out how a MitM
> attack works:
>
> http://resources.infosecinstitute.com/man-in-the-middle-demystified/
>
> You can also view a how-to video tutorial that you can follow along with if
> you have a few virtual machines to play with on your local network:
>
> http://resources.infosecinstitute.com/video-man-in-the-middle-howto/
>
> In a pen test, it is important to learn how to do these attacks to intercept
> server to server communication, server to client communication, etc. 
>
> Coming soon we will demonstrate how to perform a MitM attack against SSL
> encrypted sessions. 
>
> Happy hacking! 
>
> InfoSec Institute
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified. 
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------