Hi TürkHackTeam family, today Im going to show you "Man Attack in the Middle [MITM]." Let's look at the topic and move on.
Subject Headings
What is the Man Attack in the Middle [MITM]?
What is the ARP Spoofing?
What is the DNS Spoofing?
Man Attack in the Middle [MITM] Protection Ways
Let's strengthen the password of our network!
MAC Filtering
Don't Connect to Unwanted Wireless Networks
Login to HTTPS Sites
Preventing DHCP Attacks
What is the Man Attack in the Middle [MITM]?
It is the listening process by infiltrating between two devices in Turkish (there may be more). This listening process can be done with many tools. The attacker can access the data he wants by listening.
MITM has many alternatives. So let's say that a user has sent an login request to the server, but before it goes to the server, the attacker drops to the screen of the attacker and receives the login information from the attacker and directs the user to the server.
Another attack is directed to the same server type (which can be done as a fake script) created by the attacker before the user reaches the server. If the user does not look at the site carefully, he enters the login information directly and is attacked by the attacker.
Let's talk about what ARP Spoofing attack we will see in these attack techniques.
What is the ARP Spoofing?
What is ARP? ARP is a protocol that contains information such as server identification, packet identification, packet contents, requests, duration of requests in communication between 2 or more computers / devices. This protocol takes this data and transmits it to the server.
ARP Spoofing is the listening to the data going to the server. It is the capture of information, such as to whom it is going. Normally, the data will reach the server, but we will intervene and direct it to the server first.
What is the DNS Spoofing?
What is DNS? DNS is the system that connects the domain name (such as www.turkhackteam.org) to the IP address. It works over UDP and TCP. DNS Spoofing is also referred to as DNS poisoning. Changing the domain name or undermining the victim's computer to the attacker's IP address. You will see it as if you are entering the site you want, but you will actually go to the IP address specified by the attacker.
Communication between a normal computer-server is like this;
But communication with MITM is like this;
How can we be protected from the MITM attack?
Man Attack in the Middle [MITM] Protection Ways
Let's strengthen the password of our network!
What we said above is always between the server and the computer to make the attack, so we need to be in our network. From here we understand that we need to strengthen the password of our network.
MAC Filtering
The MAC address of each device is unique. If you perform MAC filtering on your network, the devices you allow can only navigate the network, except those that cannot do any listening or surfing.
Don't Connect to Unwanted Wireless Networks
Connecting to an unencrypted network is very wrong. As soon as you enter, you will be walking around in the palm of that person's hand. An attacker can redirect you to the site you want, or you can watch a site enter a password.
Login to HTTPS Sites
HTTPS means that sites that have SSL certificates establish secure communications. But every SSL site will be safe in the site you have received such a thing today. They now receive SSL support for their sites in Olging attacks and provoke users. This should be noted.
Preventing DHCP Attacks
There is a DHCP Snooping feature in the network settings. If you enable this, data from unsafe, suspicious ports will be blocked.
By taking these precautions, you can be protected from MITM attack.
This is the end, friends, will be able to discuss in another article ...
Subject Headings
What is the Man Attack in the Middle [MITM]?
What is the ARP Spoofing?
What is the DNS Spoofing?
Man Attack in the Middle [MITM] Protection Ways
Let's strengthen the password of our network!
MAC Filtering
Don't Connect to Unwanted Wireless Networks
Login to HTTPS Sites
Preventing DHCP Attacks
What is the Man Attack in the Middle [MITM]?
It is the listening process by infiltrating between two devices in Turkish (there may be more). This listening process can be done with many tools. The attacker can access the data he wants by listening.
MITM has many alternatives. So let's say that a user has sent an login request to the server, but before it goes to the server, the attacker drops to the screen of the attacker and receives the login information from the attacker and directs the user to the server.
Another attack is directed to the same server type (which can be done as a fake script) created by the attacker before the user reaches the server. If the user does not look at the site carefully, he enters the login information directly and is attacked by the attacker.
Let's talk about what ARP Spoofing attack we will see in these attack techniques.
What is the ARP Spoofing?
What is ARP? ARP is a protocol that contains information such as server identification, packet identification, packet contents, requests, duration of requests in communication between 2 or more computers / devices. This protocol takes this data and transmits it to the server.
ARP Spoofing is the listening to the data going to the server. It is the capture of information, such as to whom it is going. Normally, the data will reach the server, but we will intervene and direct it to the server first.
What is the DNS Spoofing?
What is DNS? DNS is the system that connects the domain name (such as www.turkhackteam.org) to the IP address. It works over UDP and TCP. DNS Spoofing is also referred to as DNS poisoning. Changing the domain name or undermining the victim's computer to the attacker's IP address. You will see it as if you are entering the site you want, but you will actually go to the IP address specified by the attacker.
Communication between a normal computer-server is like this;
But communication with MITM is like this;
How can we be protected from the MITM attack?
Man Attack in the Middle [MITM] Protection Ways
Let's strengthen the password of our network!
What we said above is always between the server and the computer to make the attack, so we need to be in our network. From here we understand that we need to strengthen the password of our network.
MAC Filtering
The MAC address of each device is unique. If you perform MAC filtering on your network, the devices you allow can only navigate the network, except those that cannot do any listening or surfing.
Don't Connect to Unwanted Wireless Networks
Connecting to an unencrypted network is very wrong. As soon as you enter, you will be walking around in the palm of that person's hand. An attacker can redirect you to the site you want, or you can watch a site enter a password.
Login to HTTPS Sites
HTTPS means that sites that have SSL certificates establish secure communications. But every SSL site will be safe in the site you have received such a thing today. They now receive SSL support for their sites in Olging attacks and provoke users. This should be noted.
Preventing DHCP Attacks
There is a DHCP Snooping feature in the network settings. If you enable this, data from unsafe, suspicious ports will be blocked.
By taking these precautions, you can be protected from MITM attack.
This is the end, friends, will be able to discuss in another article ...
