Man In The Middle Attack
What is Man In The Middle Attack ?
A man-in-the-middle attack requires three person. First, there’s the victim, the entity with which the victim is trying to communicate, and the “man in the middle,” who is intercepting the victim’s communications. Most critical scenario is that the victim is not aware of the man in the middle.
How Does A Man-In-The-Middle Attack Work ?
Let me tell you guys how man in the middle attack happens,
Suppose you receive an email that appears to have been sent by your bank asking you to log in to your account to confirm your bank's contact information. When you click on the link in the email, you will be taken to a website that looks like your bank's website and you are asked to login there.
In this case the email you get is sent by a man in the middle which looks like your bank's website.
He creates a website that looks the same to your bank website so that when you click on the link found in the email, you do not hesitate to enter your login details.
And when you do this, you are not logged into your bank's website, you hand over all your login details to the attacker using which he can access your bank account.
(By the way, the phishing method has also been used in this attack, in which the same website has been created like your bank's website.)
So always be careful.
And beware of such emails Bank never sends you any email asking you to login and update your contact information.
Types of Man In The Middle Attack
There are seven (7) types of Man In The Middle Attack. Cybercriminals can use Man In The Middle Attack to take or gain control of devices in many ways.
1️⃣ IP Spoofing
Each and every device which is capable of connecting to internet has an IP (Internet Protocol) Address which is similar to the street address for your home.
Spoofing is a type of cyber attack where the cyber-attacker or hacker manipulates a computer, device, or network to mask their identity so no one can identify them.
From there they use fake persona to trick other computer networks or to make transactions that appear to have originated from a legitimate party.
In other words, it is a high-tech form of impersonation.
2️⃣ DNS Spoofing
Domain Name Server (DNS) Spoofing (a.k.a DNS cache poisoning) is a type of cyber-attack that exploits vulnerabilities in DNS servers to divert traffic from a legitimate server to a fake server.
Many of you don't know the DNS but I am here make you understand what is DNS and what is DNS servers.
What Is DNS and what is DNS server ?
You might be thinking ' what is DNS '.
To illustrate , DNS stand for Domain Name System.
To understand DNS Server , you have to understand some points.
1. Internet Protocol (IP) Address :
An IP address is an unique identifying number which is associated with specific computer network, computer, device, and server.
This identifying number (unique ID) is what computers use to 'talk' and 'locate' each other.
2. Domain Name or Domain
A Domain Name (often called as Domain) is a text name that is easy to remember , identify and connect to specific website servers.
It's the unique name that appears after the @ sign in email addresses, and after www. in web addresses.
Example of Domain name is -
(A) Google.com
(B) Wikipedia.com
(C) Facebook.com
(D) instagram.com
3. Domain Name System (DNS)
Domain Name System is used to translate domain names into corresponding IP address so that browser can load internet resources.
4. Domain Name System Servers
Domain Name System Servers consist of four Server types that composes the DNS lookup process.
My Social Media Links :