What is a Man-in-the-Middle (MITM) Attack?
A man-in-the-middle (MITM) attack is what its name suggests: the attacker sits in the middle of an ongoing communication between two users. From that position the attacker can sniff packets to collect personal information and can also modify the packets. The attack can be used to steal HTTP, email, Telnet, FTP and other kinds of information transmitted over wired or wireless networks. There are many methods for performing a MITM attack. In this blog we use the ARP poisoning method.
What is an ARP Poisoning Attack?
ARP poisoning is a cyber-attack carried out over a network in which the attacker sends malicious ARP reply packets to the victims to create a wrong entry in their ARP tables, so that the victims' traffic is redirected through the attacker's machine.
How to Perform an ARP Poisoning Attack?
1. Enable IP forwarding: this allows packets to be forwarded to their actual destination
2. Perform ARP poisoning: inject ARP replies to both victims, HOST-A and HOST-B
- -i interface name (it may be different in your case)
- -c connection Type
- -t and -r your victims
3. Open Wireshark and start capturing on the interface that is connected to the network
4. Apply the following filter: ip.addr==192.168.1.111 && ip.addr==192.168.1.112
5. Suppose HOST-B accesses the FTP server that is running on HOST-A
6. Find the packets in Wireshark
You can find your victim's username and password in the packets captured by Wireshark.
How Can You Protect Your Networks from This Attack?
This attack is very harmful to your network communication, so here are some technologies that can help protect you from these types of attacks.
- Encryption: Use encryption to protect your confidential information.
- Secure Protocol: Use a secure protocol in your communication, such as HTTPS, SFTP or SSH.
- Port-security: Bind each switch port to a MAC address so that an unauthorized person cannot connect to your network, and set a violation action.
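Alongside these measures, the wrong ARP table entry described earlier can be detected. The following is an added example, not part of the original blog: it replays logged ARP replies, keeps the first MAC seen for each IP as the baseline, and alerts when a later reply rebinds that IP to a different MAC. The log format, the MAC addresses and the function names are assumptions made for illustration; only the two host IPs come from the walkthrough above.

```python
import re
from collections import defaultdict

# Constructed sample of logged ARP replies ("time ip is-at mac"); the log
# format and all MAC addresses are made up for this example.
SAMPLE_LOG = """\
10:00:01 192.168.1.111 is-at 00:11:22:33:44:0a
10:00:02 192.168.1.112 is-at 00:11:22:33:44:0b
10:00:03 192.168.1.50 is-at 00:11:22:33:44:ee
10:05:10 192.168.1.111 is-at 00:11:22:33:44:ee
10:05:10 192.168.1.112 is-at 00:11:22:33:44:ee
10:05:12 192.168.1.111 is-at 00:11:22:33:44:ee
"""

LINE_RE = re.compile(
    r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})$",
    re.IGNORECASE,
)

def detect_arp_poisoning(log):
    """Return one alert per (ip, mac) pair that contradicts the first-seen binding."""
    baseline = {}        # ip -> MAC from the first reply seen (trust on first use)
    reported = set()     # (ip, mac) pairs already alerted on
    alerts = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue     # skip lines that are not well-formed ARP reply records
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        known = baseline.setdefault(ip, mac)
        if mac != known and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append({"time": ts, "ip": ip, "expected": known, "seen": mac})
    return alerts

def suspect_macs(alerts):
    """MACs that took over two or more IPs, the pattern of poisoning both victims."""
    claimed = defaultdict(set)
    for a in alerts:
        claimed[a["seen"]].add(a["ip"])
    return {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) >= 2}

if __name__ == "__main__":
    found = detect_arp_poisoning(SAMPLE_LOG)
    for a in found:
        print(f'{a["time"]} {a["ip"]}: {a["expected"]} -> {a["seen"]}')
    print("suspects:", suspect_macs(found))
```

A legitimate change such as a replaced network card also rebinds an IP, so a single alert needs checking, while one MAC taking over both hosts at once is the stronger signal.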