On Tue, 2005-06-07 at 11:53 -0400, Scot L. Harris wrote:
> On Tue, 2005-06-07 at 11:18, bruce wrote:
> > are you sure about this...??
> >
> > here's my question...
> > client (a) --->>>> bank server (b)
> > client (a) <<<--- bank server (b)
> >
> > if server b gets the data/information from 'a', server 'b' should get ip
> > address 1.2.3.4, which is the real ip address of client 'a'.
> >
> > is there a way for a mitm server, to get in the middle, manipulate the data
> > from 'a' to 'b', send the data to 'b' and spoof the ip address to look as
> > though the data came from 'a'..
> >
> > -bruce
>
> Short answer yes. The idea of a MITM attack is that somehow the
> attacker has inserted a system or redirected your system's traffic
> through an intermediate system. The middle system acts as a proxy. It
> can be capable of rewriting the packets going between the two systems
> under attack. The middle system will handshake with each of the other
> systems and relay packets between so you won't know it is there. At
> that point it will collect information or can modify the packets going
> through for whatever purpose.
>
> The difficulty is in getting a system inserted into such a position. It
> typically requires physically inserting a system in the path unless the
> attacker is able to mess with the end systems' proxy settings and
> redirect things that way.
>
>
> --
> Scot L. Harris
> webid@xxxxxxxxxx
>
> "For the love of phlegm...a stupid wall of death rays. How tacky can ya get?"
> - Post Brothers comics
>

Another possibility is a worm or virus that usurps the network stack to manipulate the packets. No physical machine would be needed in the network path, but the results would be the same. I guess this would be sort of "man on the side". IIRC this is how Cisco's VPN client works, but in a good (at least not a bad) way.

Bob...