man-in-the-middle-attack question

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by soparanoid, Sep 4, 2008.

  1. soparanoid

    soparanoid Addicted to LI Member

    What are the limitations of the MITM attack?

    Can one "spoof" an ARP packet from across the internet?

    Can one "spoof" the WAN interface on the RVS4000 and intercept traffic between "it" and an intended server?
  2. heidnerd

    heidnerd LI Guru Member

    Spoofing -- on an INTERNAL network using consumer-grade switch routers is quite easy; spoofing on the INTRANET is a little more difficult - and implies that the network path between you and the "true" desired target has been compromised somehow. The compromise could be done at any ISP, gateway, router, or DNS server along the way. You have little control of those areas. However, the good news is that when a major network device is compromised it often impacts many nodes and is often quickly detected and fixed.

    As for spoofing-type attacks, misdirections, etc... do a Google search for "border gateway protocol vulnerability", DNS vulnerability, Kaminsky, etc.

    If you can spoof traffic to go through a box that you control, you can of course log all packets, then with enough time crack any encrypted packets. You can also return false info -- i.e. MTM attack...

    All of this is public knowledge, so the best defense -- regardless of the technology or operating system you use -- is to keep the patches current and be vigilant.

    Browsing and making transactions on the internet is no different than travelling to a foreign city known to host scam artists and pickpockets. Except of course that you've invited them into your home network!! So take the same precautions...