A blog talking about Man in the Middle attacks and ARP Spoofing.
What is a Man in the Middle attack?
To start this off, we need to first talk about what exactly are these types of attacks. A Man in the Middle attack requires 3 or more people/businesses communicating. When one person is trying to communicate with another, there could be someone in between that hears/sees the communication attempt first, giving them all the info that was only meant for the other person. That person is the man in the middle, getting all the info between the two communicating, without either of them knowing. There are multiple types of Man in the Middle attacks, such as IP spoofing, email hijacking, Wi-Fi eavesdropping, etc…
There are different types of Man in the Middle attacks, but they all have the same basis. Which is to get access into your information that was meant to be sent to someone else. A typical one is when they try to pretend to be someone that they are not, such as them sending an email to you, saying they are your bank and that they need your banking information. Another typical one is them giving out free Wi-Fi so that if you connect and use it, they can see everything that you are sending and retrieving on it.
How do you avoid a Man in the Middle attack?
The best ways to avoid it is to always be cautious of suspicious emails, downloads, and connections(such as Wi-Fi). It would be best to just avoid any kind of free Wi-Fi, even if it says it’s from a business because that could just be someone pretending to be that business. Make sure that if you see an email that is saying that they need any kind of information, be careful and confirm with them by phone or in person that they are actually the ones sending the email. When it comes to downloading files and apps, only do it from legitimate sites and never click on links that you are not sure about. Having a virus protector on your computer is also useful since it will tell you if something is fishy with a download. Remember that it is always better to be safe than sorry.
What is ARP spoofing?
ARP spoofing is when the attacker sends a spoofed Address Resolution Protocol(ARP) message to the victim's local area network. The reason why is because they are trying to get the victims MAC address associated with a different user’s IP address. The reason for this is so that any traffic that was meant to be sent to that IP address is redirected to the attacker so that they can get the info that was meant for the victim.
ARP spoofing gives the attacker the ability to intercept data frames, modify traffic, and just stop all the traffic in general on the network. This is used often because it can also lead to other attacks, such as denial of service, Man in the Middle, session hijacking, etc… Hence the name, This type of attack can only work on local area networks that use the Adress Resolution Protocol.
How can I protect myself from ARP spoofing?
One way is to use a packet filter. Packet filters are able to detect and block packets with conflicting source addresses, meaning it will block packets from outside the network that shows a source address from inside the network. Avoid trust relationships because they only use IP addresses for authentication, which makes it easier for the attackers to use ARP spoofing. Obviously, use some type of ARP spoofing detection software. There are many out there, and they usually work by inspecting the data before it is transmitted and blocking any kind of data that appears to be spoofed. Another thing you can do to protect yourself is to use cryptographic network protocols. Things such as Transport Layer Security (TLS), Secure Shell (SSH), HTTP Secure (HTTPS), etc… They prevent ARP spoofing by encrypting data before it is transmitted and authenticating data when it is received.
___________________________________________________________________
Thanks for taking the time to read my blog :)
If you have more time, check out my other blogs in the links down below.
