CertiGuide to Security+  9  Chapter 1:  General Security Concepts (Domain 1.0; 30%)       9  1.4  Attacks

How Can We Protect Our Network From Spoofing? 1 2 1.4.5  Replay

MITM and Telnet

One area where a MITM attack does stand out is in hacking of standard telnet user-type connections. Because you’re dealing with a human user on one side, the speed of data transfer will be easily manageable. With a plain-text type connection, such as telnet, you’ll be able to see the user’s passwords and private information exactly as they access it. This is an excellent reason not to employ plain-text authentication and unencrypted command-line sessions on your trusted network.

Encryption and secure protocols are one final area to be mentioned here. An MITM attack relies on being able to read the data contained in the IP packets. If an attacker can’t read the data, the attack is useless. Using secure protocols on your network will reduce the consequences of an MITM attack to almost zero. Currently there is no available hardware that is able to break 3DES-encrypted data quick enough to make an MITM attack possible if you’re employing 3DES for network communications.

Bearing all this in mind, applications do still exist to perform MITM attacks. An example is SW-MITM⁷⁶.

It should be noted that the vast majority of tools to perform low-level IP hacks are only available on Unix-like operating systems. The reason for this is simply control. Under Unix, the IP stack is completely open for manipulation by anyone with sufficient privileges. Under Windows this is not the case. In every version of Windows, except XP, the network stack has been kept “private” to the operating system and low-level hacks, such as spoofing, have not been possible.

To combat this, a few organizations have coded ports of network libraries such as Eeye’s LibNetNT, which do allow for low-level manipulation. Windows XP, however, contains “raw sockets” which allow for this manipulation natively. This issue has been massively debated and demands for its removal have been championed by Steve Gibson⁷⁷, who believes this to be extremely dangerous in functionality, despite its existence well before Windows XP was even dreamt of. For a reality check that the sky isn’t falling, see the recently released Windows .NET Server Security Handbook⁷⁸ by Peikari.

How Can We Protect Our Network From Spoofing? 1 2 1.4.5  Replay