15. Man-in-the-Middle Attack (2)
SSH Client SSH Server
Connection Connection
Authentication Authentication
Transport Transport
TCP/IP TCP/IP
Normal SSH Session
16. Man-in-the-Middle Attack (3)
SSH Client        MITM                                SSH Server
Connection        Connection        Connection        Connection
Authentication    Authentication    Authentication    Authentication
Transport         Transport         Transport         Transport
TCP/IP            TCP/IP            TCP/IP            TCP/IP
SSH Session with an Active Man-in-the-Middle Attack
17. Man-in-the-Middle Attack (4)
Techniques for becoming the man in the middle
LOCAL AREA NETWORK:
– ARP poisoning, DNS spoofing
– STP mangling, Port stealing
FROM LOCAL TO REMOTE (through a gateway)
– ARP poisoning, DNS spoofing, DHCP spoofing
– ICMP redirection, IRDP spoofing, route mangling
REMOTE:
– DNS poisoning, traffic tunneling, route mangling
WIRELESS:
– Access Point Reassociation