Forensic Analysis of MITM Attacks
Captured network traffic from what is suspected to be a MITM attack can be analyzed in order to determine if it really was a MITM attack or not. Important evidence to analyze when doing network forensics of a suspected SSL MITM attack include:
- IP address of the server
- DNS name of the server
- X.509 certificate of the server
- Is the certificate self signed?
- Is the certificate signed by a trusted CA?
- Has the certificate been revoked?
- Has the certificate been changed recently?
- Do other clients, elsewhere on the Internet, also get the same certificate?
Read more about this topic: Man-in-the-middle Attack
Famous quotes containing the words analysis and/or attacks:
“The spider-mind acquires a faculty of memory, and, with it, a singular skill of analysis and synthesis, taking apart and putting together in different relations the meshes of its trap. Man had in the beginning no power of analysis or synthesis approaching that of the spider, or even of the honey-bee; but he had acute sensibility to the higher forces.”
—Henry Brooks Adams (1838–1918)
“We are supposed to be the children of Seth; but Seth is too much of an effete nonentity to deserve ancestral regard. No, we are the sons of Cain, and with violence can be associated the attacks on sound, stone, wood and metal that produced civilisation.”
—Anthony Burgess (b. 1917)