67 views

In a _____ attack, an intruder comes between two communicating parties, intercepting and replying to their messages.

1. Man in the middle
2. Replay
3. Quarantine
4. None
| 67 views

+1 vote

A question from network security. Naice nigga.. :)

1. MAN IN THE MIDDLE ATTACK

In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other. One example of a MITM attack is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted wireless access point (Wi-Fi) could insert themselves as a man-in-the-middle.

Suppose Alice wishes to communicate with Bob. Meanwhile, Mallory wishes to intercept the conversation to eavesdrop and optionally to deliver a false message to Bob.

First, Alice asks Bob for his public key. If Bob sends his public key to Alice, but Mallory is able to intercept it, an MITM attack can begin. Mallory sends Alice a forged message that appears to originate from Bob, but instead includes Mallory's public key.

Alice, believing this public key to be Bob's, encrypts her message with Mallory's key and sends the enciphered message back to Bob. Mallory again intercepts, deciphers the message using her private key, possibly alters it if she wants, and re-enciphers it using the public key she intercepted from Bob when he originally tried to send it to Alice. When Bob receives the newly enciphered message, he believes it came from Alice.

1. Alice sends a message to Bob, which is intercepted by Mallory:

Alice "Hi Bob, it's Alice. Give me your key." →     Mallory     Bob

2. Mallory relays this message to Bob; Bob cannot tell it is not really from Alice:

Alice     Mallory "Hi Bob, it's Alice. Give me your key." →     Bob

3. Bob responds with his encryption key:

Alice     Mallory     ← [Bob's key] Bob

4. Mallory replaces Bob's key with her own, and relays this to Alice, claiming that it is Bob's key:

Alice     ← [Mallory's key] Mallory     Bob

5. Alice encrypts a message with what she believes to be Bob's key, thinking that only Bob can read it:

Alice "Meet me at the bus stop!" [encrypted with Mallory's key] →     Mallory     Bob

6. However, because it was actually encrypted with Mallory's key, Mallory can decrypt it, read it, modify it (if desired), re-encrypt with Bob's key, and forward it to Bob:

Alice     Mallory "Meet me at the van down by the river!" [encrypted with Bob's key] →     Bob

7. Bob thinks that this message is a secure communication from Alice.

This example shows the need for Alice and Bob to have some way to ensure that they are truly each using each other's public keys, rather than the public key of an attacker. Otherwise, such attacks are generally possible, in principle, against any message sent using public-key technology. A variety of techniques can help defend against MITM attacks.

Using a man-in-the-middle ploy allows an attacker to obtain logon credentials or sensitive data that is being transmitted, and modify that data before forwarding it to the intended host. To defend against a man-in-the-middle attack, you need to implement DNS protection by blocking access to its records and name caching system.

REPLAY ATTACK

A replay attack, also known as a playback attack, has similarities to a man-in-the-middle attack.

In replay attacks, the attacker will chronicle the traffic between a client and server then resends the packets to the server with minor changes to the source IP address and time stamp on the packet. This opens up an opportunity for the attacker to go back to the previous communication link with the server and access data. To protect your system from this type of invasion, applying complex sequencing rules and time stamps will counteract re-transmitted packets being accepted as valid.

TLDR:  So BOTH $a$ and $b$ is the answer.

If found helpful, UPVOTE and mark ans as the BEST ANSWER (by clicking the blue tick on the left side of the ans). This motivates me to ANSWER YOUR QUESTIONS IN FUTURE

by (1.7k points)
selected by
0
Thank u Gaitonde Sir. :)
0

Never call me sir.. :)

I am just an ordinary aspirant.

I think the answer will be (b) because in replay attack an intruder can capture the message sent by sender and later replay the message to the receiver. This delays the message receiving time for receiver
by (804 points)
0

Thank u.. I have also marked the same but the ans given was a… which I also believe is wrong..

Thanks anyway.. :)

0
Google about man in middle attack.. And then analyze the difference between option a and b... Then you will understand who were wrong.
0

What i found out was, in Man in the middle the intruder only listens rather than replying thus making it into a passive attack

Where as in case of replay attack the intruder replies to the message, thus making it an active attack.

Please correct me if i went wrong

0
0