Yıl 2019, Cilt 4 , Sayı 2, Sayfalar 96 - 116 2019-12-01

A Hidden Hazard: Man-In-The-Middle Attack in Networks

Ahmet Efe [1] , Gizem KALKANCI [2] , Mehmet Donk [3] , Serhat Cihangir [4] , Ziya Uysal [5]


The most critical subject in information communication technologies is information security. Information security is defined as the prevention of access, use, modification, disclosure, removal, alteration and damage of information as an entity type without permission or in an unauthorized manner. Threats to information security continue to increase with today's evolving technology. Protecting our data is not an easy task these days when attackers are constantly discovering new techniques and exploits to steal our data. One of the most used of these techniques is the Man in the middle (MITM) attack. Attackers can use this attack to listen to local network traffic and steal end-user data from traffic flowing without malicious software or virus. In addition, passwords can be obtained by bypassing SSL. There are many common ways of starting an MITM attack. The simplest of these will be to create a fake node in an open computer network like Coffee Shops WiFi network. In this study, the concept of information security has been emphasized and the necessary criteria have been explained. Then, a popular type of attack, the MITM attack, has been implemented in various ways over the Linux operating system. After prevention methods for this attack, which was performed by various methods, have been described. As a result, the MITM attack, one of the popular types of attacks that threaten information security, has been introduced, the various forms of application have been shown both in technical and practical terms, and the methods of prevention have been described. With this study, it is aimed to establish an awareness in this issue and to take precautions against the threats that may arise with developing technology.
Man-in-the-middle (MITM) attack, Information security, ARP poisoning, e-government security
  • Hekim, H. (2015). Oltalama (Phishing) Saldirilari. Retrieved from academia: http://www.academia.edu/35136881/Oltalama_Phishing_Saldirilari
  • Hugo, E. (2016, March 28). Performing Man-In-The-Middle Attack with ARPSpoof. Retrieved from myhackingjournal.blogspot: http://myhackingjournal.blogspot.com/2016/03/performing-man-in-middle-attack-with-arpspoof.html
  • Infosec Guide: Defending Against Man-in-the-Middle Attacks. (2017, July 27). Retrieved from trendmicro: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/infosec-guide-defending-against-man-in-the-middle-attacks
  • Man-in-the-Middle (MITM) Attacks. (2018, May 1). Retrieved from rapid7: https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/
  • Man-in-the-middle attack. (2018, May 1). Retrieved from wikipedia: https://tr.wikipedia.org/wiki/Man-in-the-middle_attack
  • Ramadhan, F. B. (2018, January 25). Kali Linux: Social Engineering Toolkit. Retrieved from linuxhint: https://linuxhint.com/kali-linux-set/
  • Rangwala, S. (2015, May 10). Fake Website with DNS Spoofing in Kali Linux. Retrieved from linux-hacking-guide.blogspot: http://linux-hacking-guide.blogspot.com/2015/05/fake-website-with-dns-spoofing-in-kali.html
  • Rouse, M., & Cobb, M. (2015, December 8). Man-in-the-middle attack (MitM). Retrieved from internetofthingsagenda.techtarget: https://internetofthingsagenda.techtarget.com/definition/man-in-the-middle-attack-MitM
  • Sultana, N., Chilamkurti, N., Peng, W., & Alhadad, R. (2018, January 18). Survey on SDN based network intrusion detection system using machine learning approaches. Peer-to-Peer Networking and Applications.
  • Tanmay. (2013, April 12). How to defend yourself against MITM or Man-in-the-middle attack. Retrieved from thewindowsclub: http://www.thewindowsclub.com/man-in-the-middle-attack
  • Tekdoğan, R., & Efe, A. (2018). Prevention Techniques for SSL Hacking Threats to E-Government Services. Ankara: International Journal of Information Security Sciences.
  • Toward More Resilient Cyber Infrastructure: A Practical Approach. (2016). In B. Tanceska, M. Bogdanoski, & A. Risteski, Handbook of Research on Civil Society and National Security in the Era of Cyber Warfare (pp. 305-351). IGI Global.
  • Yeahhub Corporation. (2017, August 15). Sniff HTTPS/FTP Packets Using SSLSTRIP And DSNIFF – ARP Spoofing MITM Attack. Retrieved from yeahhub: https://www.yeahhub.com/sniff-https-ftp-packets-using-sslstrip-dsniff-arp-spoofing-mitm-attack/
Birincil Dil en
Konular Bilgisayar Bilimleri, Bilgi Sistemleri
Bölüm PAPERS
Yazarlar

Yazar: Ahmet Efe
Ülke: Turkey


Yazar: Gizem KALKANCI
Ülke: Thailand


Yazar: Mehmet Donk

Yazar: Serhat Cihangir

Yazar: Ziya Uysal

Tarihler

Yayımlanma Tarihi : 1 Aralık 2019

APA Efe, A , KALKANCI, G , Donk, M , Cihangir, S , Uysal, Z . (2019). A Hidden Hazard: Man-In-The-Middle Attack in Networks. Bilgisayar Bilimleri , 4 (2) , 96-116 . Retrieved from https://dergipark.org.tr/tr/pub/bbd/issue/49546/476623