Languagesx
English Deutsch Español Français Italiano Nederlands Norsk Polski Suomeksi Svenska 한국어 日本 عربي

Man-in-the-Middle Attack

Why Trust Techopedia

What Does Man-in-the-Middle Attack Mean?

A man-in-the-middle (MITM) attack is a form of eavesdropping where communication between two users is monitored and modified by an unauthorized party. Generally, the attacker actively eavesdrops by intercepting a public key message exchange and retransmits the message while replacing the requested key with his own.

Advertisements

In the process, the two original parties appear to communicate normally. The message sender does not recognize that the receiver is an unknown attacker trying to access or modify the message before retransmitting to the receiver. Thus, the attacker controls the entire communication.

This term is also known as a janus attack or a fire brigade attack.

Techopedia Explains Man-in-the-Middle Attack

MITM is named for a ball game where two people play catch while a third person in the middle attempts to intercept the ball. MITM is also known as a fire brigade attack, a term derived from the emergency process of passing water buckets to put out a fire.

The MITM intercepts communications between two systems and is performed when the attacker is in control of a router along normal point of traffic. The attacker in almost all cases is located on the same broadcast domain as the victim. For instance, in an HTTP transaction, a TCP connection exists between client and server. The attacker splits the TCP connection into two connections – one between the victim and the attacker and the other between attacker and the server. On intercepting the TCP connection, the attacker acts as a proxy reading, altering and inserting data in intercepted communication. The session cookie reading the HTTP header can easily be captured by the intruder.

In an HTTPS connection, two independent SSL connections are established over each TCP connection. An MITM attack takes advantage of the weakness in network communication protocol, convincing the victim to route traffic through the attacker instead of normal router and is generally referred to as ARP spoofing.

Advertisements

Related Terms

Margaret Rouse
Editor
Margaret Rouse
Editor

Margaret jest nagradzaną technical writerką, nauczycielką i wykładowczynią. Jest znana z tego, że potrafi w prostych słowach pzybliżyć złożone pojęcia techniczne słuchaczom ze świata biznesu. Od dwudziestu lat jej definicje pojęć z dziedziny IT są publikowane przez Que w encyklopedii terminów technologicznych, a także cytowane w artykułach ukazujących się w New York Times, w magazynie Time, USA Today, ZDNet, a także w magazynach PC i Discovery. Margaret dołączyła do zespołu Techopedii w roku 2011. Margaret lubi pomagać znaleźć wspólny język specjalistom ze świata biznesu i IT. W swojej pracy, jak sama mówi, buduje mosty między tymi dwiema domenami, w ten…

Related News

dummy_img
Featured Content

Pepe Unchained Presale Sparks FOMO with Layer-2 Chain – ​​The Next Big Meme Coin of 2024?

Eric Dunne6 hours
dummy_img
Featured Content

June Meme Wipe Out Sale: Pepe Coin, KAI Coin Emerge As A Bargain

Eric Dunne6 hours
dummy_img
Artificial Intelligence

AI Deepfakes Expose Children to Online Exploitation: How to Stay Safe?

John Raspin17 hoursTechnology Journalist
dummy_img
Emerging Technology

How Man-Made Technomass Outweighs All Living Things

Ray Fernandez17 hoursSenior Technology Journalist
dummy_img
Investing

Who Owns ChatGPT? Key Stakeholders of the #1 AI Chatbot

Tim Keary23 hoursTechnology Specialist
dummy_img
Artificial Intelligence

AI in Business Continuity Management, Expert Insights 2024

Linda Rosencrance2 daysTechnology journalist

Popular Categories
Show All

Antivirus
Antivirus
Artificial Intelligence
Artificial Intelligence
Audio
Audio
CRM
CRM
Cryptocurrency
Cryptocurrency
Gambling
Gambling
Gaming
Gaming
HR
HR
Investing
Investing
Laptops
Laptops
Network
Network
Password Managers
Password Managers
Project Management
Project Management
Spy
Spy
VoIP
VoIP
VPN
VPN