Research Article
BibTex RIS Cite

A Hidden Hazard: Man-In-The-Middle Attack in Networks

Year 2019, Volume: 4 Issue: 2, 96 - 116, 01.12.2019

Abstract

The most critical subject in information
communication technologies is information security. Information security is
defined as the prevention of access, use, modification, disclosure, removal,
alteration and damage of information as an entity type without permission or in
an unauthorized manner. Threats to information security continue to increase
with today's evolving technology. Protecting our data is not an easy task these
days when attackers are constantly discovering new techniques and exploits to
steal our data. One of the most used of these techniques is the Man in the middle
(MITM) attack. Attackers can use this attack to listen to local network traffic
and steal end-user data from traffic flowing without malicious software or virus.
In addition, passwords can be obtained by bypassing SSL. There are many common
ways of starting an MITM attack. The simplest of these will be to create a fake
node in an open computer network like Coffee Shops WiFi network. In this study,
the concept of information security has been emphasized and the necessary
criteria have been explained. Then, a popular type of attack, the MITM attack,
has been implemented in various ways over the Linux operating system. After
prevention methods for this attack, which was performed by various methods,
have been described. As a result, the MITM attack, one of the popular types of
attacks that threaten information security, has been introduced, the various
forms of application have been shown both in technical and practical terms, and
the methods of prevention have been described. With this study, it is aimed to
establish an awareness in this issue and to take precautions against the
threats that may arise with developing technology.

References

  • Hekim, H. (2015). Oltalama (Phishing) Saldirilari. Retrieved from academia: http://www.academia.edu/35136881/Oltalama_Phishing_Saldirilari
  • Hugo, E. (2016, March 28). Performing Man-In-The-Middle Attack with ARPSpoof. Retrieved from myhackingjournal.blogspot: http://myhackingjournal.blogspot.com/2016/03/performing-man-in-middle-attack-with-arpspoof.html
  • Infosec Guide: Defending Against Man-in-the-Middle Attacks. (2017, July 27). Retrieved from trendmicro: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/infosec-guide-defending-against-man-in-the-middle-attacks
  • Man-in-the-Middle (MITM) Attacks. (2018, May 1). Retrieved from rapid7: https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/
  • Man-in-the-middle attack. (2018, May 1). Retrieved from wikipedia: https://tr.wikipedia.org/wiki/Man-in-the-middle_attack
  • Ramadhan, F. B. (2018, January 25). Kali Linux: Social Engineering Toolkit. Retrieved from linuxhint: https://linuxhint.com/kali-linux-set/
  • Rangwala, S. (2015, May 10). Fake Website with DNS Spoofing in Kali Linux. Retrieved from linux-hacking-guide.blogspot: http://linux-hacking-guide.blogspot.com/2015/05/fake-website-with-dns-spoofing-in-kali.html
  • Rouse, M., & Cobb, M. (2015, December 8). Man-in-the-middle attack (MitM). Retrieved from internetofthingsagenda.techtarget: https://internetofthingsagenda.techtarget.com/definition/man-in-the-middle-attack-MitM
  • Sultana, N., Chilamkurti, N., Peng, W., & Alhadad, R. (2018, January 18). Survey on SDN based network intrusion detection system using machine learning approaches. Peer-to-Peer Networking and Applications.
  • Tanmay. (2013, April 12). How to defend yourself against MITM or Man-in-the-middle attack. Retrieved from thewindowsclub: http://www.thewindowsclub.com/man-in-the-middle-attack
  • Tekdoğan, R., & Efe, A. (2018). Prevention Techniques for SSL Hacking Threats to E-Government Services. Ankara: International Journal of Information Security Sciences.
  • Toward More Resilient Cyber Infrastructure: A Practical Approach. (2016). In B. Tanceska, M. Bogdanoski, & A. Risteski, Handbook of Research on Civil Society and National Security in the Era of Cyber Warfare (pp. 305-351). IGI Global.
  • Yeahhub Corporation. (2017, August 15). Sniff HTTPS/FTP Packets Using SSLSTRIP And DSNIFF – ARP Spoofing MITM Attack. Retrieved from yeahhub: https://www.yeahhub.com/sniff-https-ftp-packets-using-sslstrip-dsniff-arp-spoofing-mitm-attack/
Year 2019, Volume: 4 Issue: 2, 96 - 116, 01.12.2019

Abstract

References

  • Hekim, H. (2015). Oltalama (Phishing) Saldirilari. Retrieved from academia: http://www.academia.edu/35136881/Oltalama_Phishing_Saldirilari
  • Hugo, E. (2016, March 28). Performing Man-In-The-Middle Attack with ARPSpoof. Retrieved from myhackingjournal.blogspot: http://myhackingjournal.blogspot.com/2016/03/performing-man-in-middle-attack-with-arpspoof.html
  • Infosec Guide: Defending Against Man-in-the-Middle Attacks. (2017, July 27). Retrieved from trendmicro: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/infosec-guide-defending-against-man-in-the-middle-attacks
  • Man-in-the-Middle (MITM) Attacks. (2018, May 1). Retrieved from rapid7: https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/
  • Man-in-the-middle attack. (2018, May 1). Retrieved from wikipedia: https://tr.wikipedia.org/wiki/Man-in-the-middle_attack
  • Ramadhan, F. B. (2018, January 25). Kali Linux: Social Engineering Toolkit. Retrieved from linuxhint: https://linuxhint.com/kali-linux-set/
  • Rangwala, S. (2015, May 10). Fake Website with DNS Spoofing in Kali Linux. Retrieved from linux-hacking-guide.blogspot: http://linux-hacking-guide.blogspot.com/2015/05/fake-website-with-dns-spoofing-in-kali.html
  • Rouse, M., & Cobb, M. (2015, December 8). Man-in-the-middle attack (MitM). Retrieved from internetofthingsagenda.techtarget: https://internetofthingsagenda.techtarget.com/definition/man-in-the-middle-attack-MitM
  • Sultana, N., Chilamkurti, N., Peng, W., & Alhadad, R. (2018, January 18). Survey on SDN based network intrusion detection system using machine learning approaches. Peer-to-Peer Networking and Applications.
  • Tanmay. (2013, April 12). How to defend yourself against MITM or Man-in-the-middle attack. Retrieved from thewindowsclub: http://www.thewindowsclub.com/man-in-the-middle-attack
  • Tekdoğan, R., & Efe, A. (2018). Prevention Techniques for SSL Hacking Threats to E-Government Services. Ankara: International Journal of Information Security Sciences.
  • Toward More Resilient Cyber Infrastructure: A Practical Approach. (2016). In B. Tanceska, M. Bogdanoski, & A. Risteski, Handbook of Research on Civil Society and National Security in the Era of Cyber Warfare (pp. 305-351). IGI Global.
  • Yeahhub Corporation. (2017, August 15). Sniff HTTPS/FTP Packets Using SSLSTRIP And DSNIFF – ARP Spoofing MITM Attack. Retrieved from yeahhub: https://www.yeahhub.com/sniff-https-ftp-packets-using-sslstrip-dsniff-arp-spoofing-mitm-attack/
There are 13 citations in total.

Details

Primary Language English
Subjects Computer Software
Journal Section PAPERS
Authors

Ahmet Efe

Gizem Kalkancı This is me

Mehmet Donk This is me

Serhat Cihangir This is me

Ziya Uysal This is me

Publication Date December 1, 2019
Submission Date October 31, 2018
Acceptance Date December 19, 2018
Published in Issue Year 2019 Volume: 4 Issue: 2

Cite

APA Efe, A., Kalkancı, G., Donk, M., Cihangir, S., et al. (2019). A Hidden Hazard: Man-In-The-Middle Attack in Networks. Computer Science, 4(2), 96-116.

The Creative Commons Attribution 4.0 International License 88x31.png is applied to all research papers published by JCS and

A Digital Object Identifier (DOI) Logo_TM.png is assigned for each published paper