Forensic Analysis of MITM Attacks
Captured network traffic from a suspected MITM attack can be analyzed to determine whether it really was a MITM attack. Important evidence to analyze when doing network forensics of a suspected SSL MITM attack includes:
- IP address of the server
- DNS name of the server
- X.509 certificate of the server
- Is the certificate self-signed?
- Is the certificate signed by a trusted CA?
- Has the certificate been revoked?
- Has the certificate been changed recently?
- Do other clients, elsewhere on the Internet, also get the same certificate?
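As an added example, not code from the original page, the Go program below applies the certificate questions above to a captured certificate with the standard crypto/x509 package (revocation checking is left out because it needs a live CRL or OCSP lookup). The root CA, the genuine leaf, and the self-signed "rogue" leaf are constructed test material, and the host name www.example.test is an assumption.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Analyze answers the checklist for one captured server certificate: self-signed (issuer equals subject, signature
// verifies under its own key)? chains to a trusted root for host? differs from the earlier record and from other clients?
func Analyze(captured *x509.Certificate, host string, roots *x509.CertPool, baseline *x509.Certificate,
	others []*x509.Certificate) (selfSigned, trustedChain, changedSinceBaseline, differsElsewhere bool) {
	selfSigned = bytes.Equal(captured.RawIssuer, captured.RawSubject) &&
		captured.CheckSignature(captured.SignatureAlgorithm, captured.RawTBSCertificate, captured.Signature) == nil
	_, err := captured.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	for _, o := range others { // comparing raw DER is the same test as comparing certificate fingerprints
		differsElsewhere = differsElsewhere || !bytes.Equal(o.Raw, captured.Raw)
	}
	return selfSigned, err == nil, baseline != nil && !bytes.Equal(baseline.Raw, captured.Raw), differsElsewhere
}

// newCert builds constructed test material (not a real capture): a self-signed CA if parent is nil, else a leaf issued by parent.
func newCert(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: parent == nil,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey) // errors ignored: fixed, valid template
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	ca, caKey := newCert("Example Root CA", nil, nil)
	genuine, _ := newCert("www.example.test", ca, caKey)
	rogue, _ := newCert("www.example.test", nil, nil) // what an interposing proxy typically presents
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	fmt.Println(Analyze(rogue, "www.example.test", roots, genuine, []*x509.Certificate{genuine}))
}
```

For the rogue certificate the program reports self-signed, not trusted, changed since the baseline, and different from what the other client saw; the genuine certificate passes all four checks.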