What Is a Man-in-the-Middle (MITM) Attack?


Man-in-the-Middle Attack

A man-in-the-middle attack is a type of attack in which the attacker listens to, redirects, and changes the traffic between a target on a network and the network elements (server, router, or modem).

Since MITM attacks take place at Layer 2 of the OSI model, an attacker who succeeds can dominate all traffic. This dominance is unlimited, from encrypted “https” traffic to unencrypted traffic. It is a well-known attack type in network security, and one of the attack types that is least protected against.

As an analogy, think of people who carry out this kind of attack by introducing themselves as police officers in order to take valuable items such as money. :)) Of course

So what are the other Layer 2 attacks?

MAC Address Attack
VLAN Hopping Attacks
Spanning-Tree Protocol
MAC Spoofing Attack
ARP Spoofing Attack
CDP Vulnerability

For a MITM attack to succeed, the attacker must direct the victim to a proxy server rather than the actual server. The following scenarios are used to do this:

Attacks on the Local Network

ARP Poisoning: The attacker presents itself as the target with a forged ARP Request frame. Thus, the packets meant for the real target go to the attacker instead. The attacker gets its own MAC address recorded in the target computer's ARP table as the network device's MAC address. This way, traffic starts to flow through the attacker.

DNS Spoofing (DNS Cache Poisoning, Deception): DNS cache poisoning is an attack in which data is added to or changed in the name server's cache so that the name server returns wrong IP addresses, diverting traffic to another computer (often the attacker's computer).

Port Stealing: The attacker creates a forged ARP frame that uses the MAC address of the target server as the source address. The switch is fooled into assuming that the victim computer is actually connected to the port to which the attacker is connected. Thus, all data frames sent to the victim's computer are delivered to the attacker's switch port.

STP Mangling: An attack type that prevents the Spanning Tree Protocol (STP) from working by continuously sending topology change requests.

Attacks from the Local Network to the Remote Network Through Gateway

ARP Poisoning

DNS Spoofing (DNS Cache Poisoning, Deception)

DHCP Spoofing: The attacker acts as a DHCP server, hands out IP addresses to victim computers, and gives its own address as the gateway. In this way, network traffic flows through the attacker.

ICMP Redirection: An attack method in which attackers send ICMP Redirect messages to draw the victim's traffic to themselves.

IRDP Spoofing: The ICMP Router Discovery Protocol (IRDP) allows a host to discover the IP addresses of active routers. The attacker sends forged IRDP router advertisement messages to a host on the subnet, causing it to change its default router.

Route Mangling: The attacker sends fake packets to deceive the gateway about the best route for the client on the internet. The packets are forwarded directly to the client without interrupting the gateway.

Attacks on the Remote Network

DNS Poisoning

Traffic Tunneling: It is a type of attack that allows an attacker to create a tunnel and place itself on the internal network.