Man-in-the-middle Attack - Forensic Analysis of MITM Attacks

Forensic Analysis of MITM Attacks

Captured network traffic from a suspected MITM attack can be analyzed to determine whether it really was a MITM attack. Important evidence to examine when doing network forensics of a suspected SSL/TLS MITM attack includes:

  • IP address of the server
  • DNS name of the server
  • X.509 certificate of the server
    • Is the certificate self-signed?
    • Is the certificate signed by a trusted CA?
    • Has the certificate been revoked?
    • Has the certificate been changed recently?
    • Do other clients, elsewhere on the Internet, also get the same certificate?
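The checklist above can be run mechanically over certificate observations extracted from a capture and from a second vantage point. The following is an added example, not code from the original page; the observation records, the trust store, the revocation set and the fingerprint values are all constructed, and "changed recently" is judged against the same observer's earlier sightings while "same certificate elsewhere" compares against the latest sighting by each other observer.

```python
from datetime import datetime, timedelta

# Constructed observation records of the server's certificate, as one would extract
# them from a capture or obtain from a second vantage point. All values are made up;
# "fp" stands in for the certificate's SHA-256 fingerprint.
OBSERVATIONS = [
    {"ts": "2024-03-01T10:00:00", "observer": "local-capture", "ip": "203.0.113.10",
     "name": "bank.example", "fp": "fp-aaaa1111", "subject": "bank.example",
     "issuer": "Example Trusted CA"},
    {"ts": "2024-03-10T09:00:00", "observer": "local-capture", "ip": "203.0.113.10",
     "name": "bank.example", "fp": "fp-bbbb2222", "subject": "bank.example",
     "issuer": "bank.example"},
    {"ts": "2024-03-10T09:05:00", "observer": "remote-vantage", "ip": "203.0.113.10",
     "name": "bank.example", "fp": "fp-aaaa1111", "subject": "bank.example",
     "issuer": "Example Trusted CA"},
]
TRUSTED_CAS = {"Example Trusted CA"}      # constructed trust store
REVOKED_FINGERPRINTS = {"fp-cccc3333"}    # constructed CRL/OCSP result

def analyze(observations, suspect, trusted_cas, revoked, window_days=30):
    """Answer the checklist questions for one suspect observation."""
    seen_at = datetime.fromisoformat(suspect["ts"])
    same_name = [o for o in observations if o["name"] == suspect["name"] and o is not suspect]
    # What did this same observer see for this name earlier, inside the window?
    earlier = [o for o in same_name if o["observer"] == suspect["observer"]
               and timedelta(0) < seen_at - datetime.fromisoformat(o["ts"]) <= timedelta(days=window_days)]
    # Latest sighting by every other vantage point (ISO timestamps sort as strings).
    latest = {}
    for o in same_name:
        if o["observer"] != suspect["observer"]:
            if o["observer"] not in latest or o["ts"] > latest[o["observer"]]["ts"]:
                latest[o["observer"]] = o
    others = list(latest.values())
    return {
        "self_signed": suspect["issuer"] == suspect["subject"],
        "trusted_ca": suspect["issuer"] in trusted_cas,
        "revoked": suspect["fp"] in revoked,
        "changed_recently": any(o["fp"] != suspect["fp"] for o in earlier),
        "matches_other_vantage": bool(others) and all(o["fp"] == suspect["fp"] for o in others),
    }

def mitm_indicators(findings):
    """Checklist answers that point toward interception rather than a normal rollover."""
    flags = {
        "self_signed": findings["self_signed"],
        "untrusted_issuer": not findings["trusted_ca"],
        "revoked": findings["revoked"],
        "changed_recently": findings["changed_recently"],
        "differs_from_other_vantage": not findings["matches_other_vantage"],
    }
    return sorted(name for name, hit in flags.items() if hit)

if __name__ == "__main__":
    for obs in OBSERVATIONS:
        print(obs["ts"], obs["observer"],
              mitm_indicators(analyze(OBSERVATIONS, obs, TRUSTED_CAS, REVOKED_FINGERPRINTS)))
```

A certificate change on its own is weak evidence, since legitimate rollovers change the fingerprint too; the disagreement with an independent vantage point combined with a self-signed or untrusted issuer is what separates interception from a rollover.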

