As the name indicates, a man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently. For example, the attacker can re-route a data exchange. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data.
Man-in-the-middle attacks are like someone assuming your identity in order to read your message. The person on the other end might believe it is you because the attacker might be actively replying as you to keep the exchange going and gain more information.
Types of Man-in-the-middle (MITM) attacks:
IP Spoofing: IP spoofing is used by an attacker to convince a system that it is communicating with a known, trusted entity and provide the attacker with access to the system. The attacker sends a packet with the IP source address of a known, trusted host instead of its own IP source address to a target host. The target host might accept the packet and act upon it.
ARP Spoofing: ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of the attacker's MAC address with the IP address of a legitimate computer or server on the network.
DNS Spoofing/Poisoning: DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. It is especially dangerous because a poisoned record can spread from one DNS server to another.
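The ARP spoofing symptom described above (a legitimate host's IP address becoming bound to the attacker's MAC address) can be spotted by watching the ARP replies seen on a LAN. The following is an added example, not code from the original article; the ARP records are constructed sample data and the function name and "trusted" bindings are my own assumptions.

```python
"""Detect ARP spoofing symptoms in a stream of observed ARP replies.

Added example; not from the original article. The ARP records below are
constructed sample data and the helper name is an assumption.
"""
from collections import defaultdict

# Constructed sample: ARP replies as seen on a LAN, in arrival order.
# Each tuple is (sender_ip, sender_mac). The gateway 192.168.1.1 is
# legitimately at aa:...:01; later a second host starts claiming it.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ("192.168.1.20", "bb:bb:bb:bb:bb:20"),
    ("192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ("192.168.1.1", "cc:cc:cc:cc:cc:99"),   # conflicting claim for the gateway
    ("192.168.1.20", "cc:cc:cc:cc:cc:99"),  # same MAC now claims a second IP
]


def detect_arp_conflicts(replies, trusted=None):
    """Return a list of alert strings for suspicious ARP replies.

    trusted: optional dict ip -> mac of statically known hosts (e.g. the
    gateway). Three symptoms are flagged:
      1. a reply contradicting a static (trusted) IP-to-MAC binding;
      2. an IP address that is re-bound to a different MAC over time;
      3. a single MAC claiming more than one IP address.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()  # normalise case so aa:.. and AA:.. compare equal
        if ip in trusted and trusted[ip] != mac:
            alerts.append(f"static-binding violation: {ip} claimed by {mac}, "
                          f"expected {trusted[ip]}")
        if ip_to_macs[ip] and mac not in ip_to_macs[ip]:
            alerts.append(f"ip-remap: {ip} previously {sorted(ip_to_macs[ip])}, "
                          f"now {mac}")
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"multi-ip: {mac} claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    gateway = {"192.168.1.1": "aa:aa:aa:aa:aa:01"}
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES, trusted=gateway):
        print(alert)
```

On a real network the same logic would be fed from a packet capture or the host's ARP table; hosts with several IPs on one interface will trigger the "multi-ip" rule and need an allow list.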
Mitigations for MITM Attacks:
Strong WEP/WPA encryption on the access point.
Manage enterprise-wide certificates.
Verify TLS/SSL setups.
Use a virtual private network.
Public-key-pair-based authentication.
Use the HTTPS protocol for browsing.