tcp/routing question...
Bob Chiodini
rchiodin at bellsouth.net
Tue Jun 7 16:08:54 UTC 2005
On Tue, 2005-06-07 at 11:53 -0400, Scot L. Harris wrote:
> On Tue, 2005-06-07 at 11:18, bruce wrote:
> > are you sure about this...??
> >
> > here's my question...
> > client (a) --->>>> bank server (b)
> > client (a) <<<--- bank server (b)
> >
> > if server b gets the data/information from 'a', server 'b' should get ip
> > address 1.2.3.4, which is the real ip address of client 'a'.
> >
> > is there a way for a mitm server, to get in the middle, manipulate the data
> > from 'a' to 'b', send the data to 'b' and spoof the ip address to look as
> > though the data came from 'a'..
> >
> > -bruce
>
> Short answer yes. The idea of a MITM attack is that somehow the
> attacker has inserted a system or redirected your system's traffic
> through an intermediate system. The middle system acts as a proxy. It
> can be capable of rewriting the packets going between the two systems
> under attack. The middle system will handshake with each of the other
> systems and relay packets between so you won't know it is there. At
> that point it will collect information or can modify the packets going
> through for whatever purpose.
>
> The difficulty is in getting a system inserted into such a position. It
> typically requires physically inserting a system in the path unless the
> attacker is able to mess with the end systems' proxy settings and
> redirect things that way.
>
>
> --
> Scot L. Harris
> webid at cfl.rr.com
>
> "For the love of phlegm...a stupid wall of death rays. How tacky can ya get?"
> - Post Brothers comics
>
Another possibility is a worm or virus that usurps the network stack to
manipulate the packets. No physical machine would be needed in the
network path, but the results would be the same. I guess this would be
sort of "man on the side". IIRC this is how Cisco's VPN client works,
but in a good (at least not a bad) way.
Bob...