Question

Man-in-the-middle is one of the most popular types of attack. It can be used to sniff victims’ credentials to penetrate their system. Research the following attacks to find methods to prevent this from happening: Please have detailed answers!

? MAC spoofing ? DNS poisoning ? DNS spoofing ? ICMP redirect

Answer 1

Answer:

Man in the middle attack (MITM)

In today’s time, Man in the middle attack (MITM) is one of the most common and dangerous attacks. In this attack, the hackers try to get between two user conversation on the internet. In terms of user, there are many ways by which user try to communicate with each other like E-mail, video chat, audio chat etc. When the attacker forcefully gets inside the conversation of two users, the user does not get to know about the attacker and user think that their conversation is private between two parties only. The only way that user get to know about the attacker is when the attacker makes some kind of modification in their chat then the only user will get to know otherwise there is no way that user gets to know about the attack.

There are many types of Man in the middle attack, and here is some type of common MITM attack:

• Mac Spoofing
• DNS Poisoning
• DNS Spoofing
• ICMP redirect

Mac Spoofing:

MAC (Media Access Control) Spoofing a way by which attacker which change the default assigned address of the system to new address on the network device. MAC address of a system is coded and cannot be changed. But there are tools which can change the MAC address of the system. This is done to change the identity of a network system. By this hacker can hide their identity in networking world.

Privations:

For MAC spoofing NAC (Network access control) is a device which uses a set of protocols which allows controlling the network access. In this when a user connects to a network, NAC system will not permit to access anything unless it is authorized by the user for home or business and this also include anti-virus protection, internet security etc.

  

DNS Spoofing:

DNS (Domain Name service) spoofing occurs a DNS server is being recorded as spoofed or edited without the owner permission. This can be done in multiple ways like redirecting traffic to another website. Make a fake website and all the traffic of the original website will be redirected to the fake website.

DNS Poisoning:

DNS (Domain Access Control) Poisoning is also known as DNS cache poisoning and it is a type of attack which exploits all the vulnerabilities in a DNS system and it redirects all the traffic of that particular website to another website or fake website.

Privations for DNS Spoofing and DNS Poisoning:

Initially the website IT team should configure the DNS server with less in configure with other DNS server it will increase the difficulty of attack to use their own DNS server to corrupts your system. DNS system use BIND 9.5.0 which has greater security for the server and update the BIND to this version or above. It helps in cryptographically secure the transition ID on the website.

For more security on DNS spoofing and DNS poisoning here are some of more solution:

• In website restrict recursive queries.
• Limit query response to only provided information
• In the website store data which is related to the particular server.

ICMP redirect:

Internet control message protocol (ICMP)

This attack is an attack which is similar to DOS (denial-of-service) attack in which very high number of ICMP attack packets with victims being spoofed user IP and is broadcast to another computer network using the IP broadcast address.

Privations:

Block all the unwanted IP which is not reliable and always check the system and try to update the system for better security because all the time there are many new types of attacks coming hence updating may increase the probability of less attacking on your system. Always try to analyze your system regularly.

Hope this helps....

Good Luck...!!