These attacks are pretty difficult.  They are not born from Wireless Network
Hacking, but have existed for years, and have their roots in the wired
networks.  

Switches don't always prevent these attacks.  Although a switch should
separate where the data goes and makes sniffing harder, it's a little known
fact that most switches have a firehose mode, which is when you overload the
switch with too much data, it just starts acting like a hub. 

The biggest thing in the Man in the Middle attack is to trick the client to
think that you are the server.  This is usually done with either DNS
poisoning or ARP poisoning.  ARP poisoning can only be done on the local
network, and basically you are telling the clients that you are the router,
and to send all packets to you.  DNS poisoning I think can only be done by
getting access to the real DNS server or tricking the client somehow to use
you as the DNS server.  Modifying the hosts file can work as well.  (Note
that it may be possible to poison local network WINS or Lanman (not sure
what the correct term is) name resolution.)  

I'm not exactly sure what point #3 is saying.  You don’t need to have hired
a security expert in order for a hacker to get into your network and wreak
havoc.  I might be misunderstanding you though. 

Russ

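An added example, not from this thread, showing the defender's side of the ARP poisoning Russ describes: parse raw ARP payloads and flag any reply that claims the gateway's IP address with a MAC other than the trusted one. The gateway address, MACs and the three-packet capture are constructed sample values.

```python
import struct
from ipaddress import IPv4Address

# RFC 826 ARP layout for Ethernet/IPv4: htype, ptype, hlen, plen, oper,
# sender MAC, sender IP, target MAC, target IP (28 bytes, network byte order)
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))

def build_arp(oper, sha, spa, tha, tpa):
    """Pack an ARP payload; used here only to construct the sample capture."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac_bytes(sha),
                       IPv4Address(spa).packed, mac_bytes(tha), IPv4Address(tpa).packed)

def parse_arp(payload):
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": oper, "sha": mac_str(sha), "spa": str(IPv4Address(spa)),
            "tha": mac_str(tha), "tpa": str(IPv4Address(tpa))}

def detect_arp_poisoning(payloads, trusted):
    """Return (index, ip, trusted_mac, seen_mac) for every ARP reply whose
    sender MAC contradicts a trusted IP->MAC binding such as the gateway's.
    Only replies are checked: 'telling clients you are the router' means
    sending replies that map the router's IP to the attacker's MAC."""
    alerts = []
    for i, raw in enumerate(payloads):
        p = parse_arp(raw)
        if p["op"] != ARP_REPLY:
            continue
        expected = trusted.get(p["spa"])
        if expected and expected != p["sha"]:
            alerts.append((i, p["spa"], expected, p["sha"]))
    return alerts

# Constructed sample capture (hypothetical addresses): a client's request,
# the real gateway's reply, then a reply claiming the gateway IP from another MAC.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"
SAMPLE = [
    build_arp(ARP_REQUEST, "aa:bb:cc:00:00:01", "192.168.1.10", "00:00:00:00:00:00", GATEWAY_IP),
    build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, "aa:bb:cc:00:00:01", "192.168.1.10"),
    build_arp(ARP_REPLY, "de:ad:be:ef:00:01", GATEWAY_IP, "aa:bb:cc:00:00:01", "192.168.1.10"),
]

if __name__ == "__main__":
    for idx, ip, good, bad in detect_arp_poisoning(SAMPLE, {GATEWAY_IP: GATEWAY_MAC}):
        print(f"packet {idx}: reply claims {ip} is at {bad}, trusted binding is {good}")
```

The same check can be fed from a live capture by handing it the 28-byte ARP payload that follows the Ethernet header of each frame.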
> -----Original Message-----
> From: Kevin Aebig [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 05, 2006 1:49 PM
> To: CF-Talk
> Subject: RE: Break it down for n00bs: security problems of non-SSL intrane
> t?
> 
> Maybe I'm a bit naïve in this department, but isn't the following pretty
> well fact:
> 
> 1 - MitM attacks were initially born from Wireless Network Hacking, not on
> location.
> 2 - A good business based Switch or Firewall, properly configured can and
> will prevent / alert against most inhouse hacks / exploits.
> 3 - The skills needed to pull a hack of this sort would basically mean
> that
> at one point your company hired a professional security expert, thus
> opening
> the door anyways?
> 
> 99.9999% of computer users wouldn't know where to start when it comes to
> hacking SSL. They don't understand the client / server communication nor
> do
> they understand the encryption algorithms.
> 
> I've personally got a couple security guys I use to handle audits for my
> clients and though they have ways of pulling this off, it's extremely
> difficult... and it's all they do.
> 
> !k
> 
> -----Original Message-----
> From: Dave Watts [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 05, 2006 11:13 AM
> To: CF-Talk
> Subject: RE: Break it down for n00bs: security problems of non-SSL intrane
> t?
> 
> > Ok, I think I've made it clear that a mitm does not have to
> > modify payloads in order to be successful ...
> 
> Wouldn't the payloads need to be modified, if they're encrypted using SSL?
> If you trick the client into talking to your machine instead of the
> intended
> host, and you present a certificate that isn't identical to the intended
> host's certificate, you would need to decrypt the content with your
> certificate. You'd then have to encrypt that content with the intended
> host's certificate. While the actual data you're interested in reading
> will
> not have changed, the information in the packet you received from the
> client
> will not be the same as the information in the one you send to the
> intended
> host, right? That seems to me to be the behavior of a proxy, not a router.
> Routers rewrite transport layer stuff, but you'd need to rewrite
> application
> layer stuff (I think those are the two relevant OSI layers, but I'm too
> lazy
> to check).
> 
> And, I'm not trying to upset you or anything. I'm genuinely interested in
> figuring this out. You mentioned previously that it would be possible to
> either use the intended host's certificate or present a certificate of
> your
> own that doesn't trigger a warning message on the client. Did I understand
> you correctly? If so, can you point to anything about that at all? If not,
> I
> apologize for misinterpreting you. Thanks!
> 
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> 
