Man in The Middle


Presentation Transcript


  1. Man in The Middle Christopher Avilla

  2. What is a MiTM attack?

  3. Mallory in the Middle
     • Alice "Hi Bob, it's Alice. Give me your key" --> Mallory      Bob
     • Alice      Mallory "Hi Bob, it's Alice. Give me your key" --> Bob
     • Alice      Mallory <-- [Bob's_key] Bob
     • Alice <-- [Mallory's_key] Mallory      Bob
     • Alice "Meet me at the bus stop!" [encrypted with Mallory's key] --> Mallory      Bob
     • Alice      Mallory "Do not meet me!" [encrypted with Bob's key] --> Bob

  4. MiTM Attack Vectors

  5. ARP Cache Poisoning

  6. Tools for ARP Cache Poisoning

  7. Once in the middle…

  8. GSM Network MiTM
     • International Mobile Subscriber Identity (IMSI)
     • GSM equivalent to a username
     • Universal Software Radio Peripheral (USRP)
     • http://revision3.com/hak5/shmoocon2010

  9. Functional Weaknesses of the System
     • The base station can tell the handset that it will not get a cipher
     • Plaintext between phone and SIM card

  10. GSM Handshake
     • Secret key in the SIM card
     • Base station sends a 128-bit random number
     • SIM card concatenates the 128-bit number with the secret key
     • Hashes the result and splits it in two
     • Half is sent back to the base station
     • Half is used for the A5 cipher
     • A5/3 is 3G encryption

  11. OpenBTS
     • Hooks into Asterisk (VoIP)
     • SIP proxy with voice changer
     • Target specific phone number and route all calls to 911
     • Sniff all SIP packets and replay conversations
     • http://openbts.sourceforge.net/

  12. Don’t be a Victim
     • Third-party applications: AntiARP or XArp
     • http://www.raymond.cc/blog/archives/2009/08/07/protect-your-computer-against-arp-poison-attack-netcut/
     • Look at your ARP table with arp /a or arp -a
     • Use static ARP tables
     • A fine-tuned IDS will alert you when you’ve fallen
     • A GSM phone should alert you when the connection is not encrypted

  13. What are your Questions?

  14. Resources
     • http://en.wikipedia.org/wiki/Universal_Software_Radio_Peripheral
     • http://en.wikipedia.org/wiki/ARP_spoofing
     • http://www.irongeek.com/
     • http://www.monkey.org/~dugsong/dsniff/faq.html
     • http://openmaniak.com/ettercap_filter.php
     • http://www.shmoocon.org/presentations-all.html
     • http://openbts.sourceforge.net/
     • http://revision3.com/hak5/pineapples
     • http://revision3.com/hak5/shmoocon2010
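
Slide 12 suggests looking at your ARP table with arp -a and keeping static ARP entries. The following is an added example, not part of the original presentation: it parses arp -a output (Windows or Unix layout) and flags one MAC answering for several IPs, plus any entry that differs from a known-good baseline. The sample table, MAC addresses and baseline are constructed for illustration.

```python
import re
from collections import defaultdict

# IPv4 followed by a MAC: Windows "192.168.1.1  02-00-..." or Unix "(192.168.1.1) at 2:0:..."
ENTRY = re.compile(r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
                   r"((?:[0-9A-Fa-f]{1,2}[:-]){5}[0-9A-Fa-f]{1,2})\b")

def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded (macOS prints 2:0:0:...)."""
    return ":".join(p.zfill(2) for p in re.split(r"[:-]", mac.lower()))

def parse_arp_table(text):
    """Return {ip: mac} parsed from `arp -a` output; other lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            table[m.group(1)] = normalize_mac(m.group(2))
    return table

def find_anomalies(table, baseline=None):
    """Flag one MAC answering for several IPs, and drift from a known-good baseline."""
    findings, by_mac = [], defaultdict(list)
    for ip, mac in table.items():
        # Broadcast and IPv4 multicast MACs are legitimately shared.
        if mac != "ff:ff:ff:ff:ff:ff" and not mac.startswith("01:00:5e"):
            by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("duplicate-mac", mac, sorted(ips)))
    for ip, good in sorted((baseline or {}).items()):
        seen = table.get(ip)
        if seen is not None and seen != normalize_mac(good):
            findings.append(("baseline-mismatch", ip, [normalize_mac(good), seen]))
    return findings

# Constructed sample in Windows `arp -a` layout: the gateway (.1) and host .23 share a MAC.
SAMPLE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-aa-bb-23     dynamic
  192.168.1.23          02-00-00-aa-bb-23     dynamic
  192.168.1.40          02-00-00-aa-bb-40     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
# Assumed known-good gateway MAC, recorded while the network was trusted.
BASELINE = {"192.168.1.1": "02-00-00-AA-BB-01"}

if __name__ == "__main__":
    for finding in find_anomalies(parse_arp_table(SAMPLE), BASELINE):
        print(finding)
```

A shared MAC can also be legitimate (proxy ARP, or a router answering for several addresses), so a duplicate-mac finding is a lead to check against the baseline rather than proof of poisoning.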
