man in the middle n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Man in The Middle PowerPoint Presentation
Download Presentation
Man in The Middle

Loading in 2 Seconds...

play fullscreen
1 / 15
anastasia

Man in The Middle - PowerPoint PPT Presentation

180 Views
Download Presentation
Man in The Middle
An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Man in The Middle Christopher Avilla

  2. What is a MiTM attack?

  3. Mallory in the Middle • Alice"Hi Bob, it's Alice. Give me your key"--> MalloryBob • AliceMallory"Hi Bob, it's Alice. Give me your key"--> Bob • AliceMallory <--[Bob's_key]Bob • Alice <--[Mallory's_key]MalloryBob • Alice"Meet me at the bus stop!"[encrypted with Mallory's key]--> MalloryBob • AliceMallory"Do not meet me!"[encrypted with Bob's key]--> Bob

  4. MiTM Attack Vectors

  5. ARP Cache Poisoning

  6. Tools for ARP Cache Poisoning

  7. Once in the middle…

  8. GSM Network MiTM • International Mobile Subscriber Identity (IMSI) • GSM equivalent to a username • Universal Software Radio Peripheral (USRP) • http://revision3.com/hak5/shmoocon2010

  9. Functional Weaknesses of System • Ability for base station to tell hand set that it will not get cipher • Plain text between phone and SIM card

  10. GSM Hand Shake • Secret Key in SIM Card • Base station sends 128 bit Random number • SIM Card concats 128 with Secret Key • Hashes the result and splits in two • Half is sent back to base station • Half is used for cypher A5 • A53 is 3G encryption

  11. OpenBTS • Hooks in to Asterisk (VoIP) • SIP proxy with voice changer • Target specific phone number and route all calls to 911 • Sniff all SIP packets and replay conversations http://openbts.sourceforge.net/

  12. Don’t be a Victim • Third Party Applications – AntiARP or XArp • http://www.raymond.cc/blog/archives/2009/08/07/protect-your-computer-against-arp-poison-attack-netcut/ • Look at your ARP table by ARP/a or ARP –a • Use static ARP tables • A fine tuned IDS will alert you when you’ve fallen • GSM phone should alert you when non-encrypted

  13. What are your Questions?

  14. Resources • http://en.wikipedia.org/wiki/Universal_Software_Radio_Peripheral • http://en.wikipedia.org/wiki/ARP_spoofing • http://www.irongeek.com/ • http://www.monkey.org/~dugsong/dsniff/faq.html • http://openmaniak.com/ettercap_filter.php • http://www.shmoocon.org/presentations-all.html • http://openbts.sourceforge.net/ • http://revision3.com/hak5/pineapples • http://revision3.com/hak5/shmoocon2010