Deal with a Man in the Middle Attack

In internet security, a man-in-the-middle attack (MITM) is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. For example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle. This article explains what the attack involves and how to deal with it.

Steps

  1. Understand how to counteract this type of attack. Since a man-in-the-middle attack (MITM) can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other, the two crucial points in defending against MITM are authentication and encryption. A number of cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL can authenticate one or both parties using a mutually trusted certification authority. However, many websites still do not support SSL. Fortunately, there are three effective ways to defend against a man-in-the-middle attack even without SSL. These methods encrypt the data traffic between you and the server you are connecting to, and also include some kind of endpoint authentication. Each method is broken down in the following sections.

Virtual Private Network (VPN)

  1. To take advantage of a VPN, you must first have a remote VPN server set up and configured. You can do this yourself or use a reliable VPN service.
  2. Click "Control Panel" in the startup menu.
  3. In Control Panel, select "Network and Internet".
  4. Click "Network and Sharing Center".
  5. Click "Set up a new connection or network".
  6. In the "Set up a new connection or network" dialog, select "Connect to a workplace" and then press "Next".
  7. In the "Connect to a Workplace" dialog, click "Use my Internet connection (VPN)".
  8. Input the IP address of the VPN server and press "Next".
  9. Input your username and password, then press "Create".
  10. Click "Connect Now".

Proxy Server with Data Encryption Features

  1. Use a reliable proxy server and encrypt the traffic between you and the proxy. Some privacy software, such as Hide My IP, provides proxy servers and an encryption option. Download it from here.
  2. Run the installation. When finished, double-click to launch the program.
  3. In the main interface, click "Advanced Settings...".
  4. In the "Advanced Settings and Options" dialog, check the option "Encrypt My Connection with SSL". This means that your data traffic to the sites you are visiting will always be encrypted, in the same way as an HTTPS connection.
  5. Select a server you want to connect to, and then press "Hide My IP".

Secure Shell (SSH)

  1. Download Bitvise SSH Client from here. After installation, double-click the shortcut to launch the program.
  2. Select the "Services" tab in the main interface. In the SOCKS/HTTP Proxy Forwarding section, check "Enable forwarding", then fill in the Listen Interface IP address, 127.0.0.1, which means the localhost. The Listen Port can be any number from 1 to 65535, but to avoid conflicts with well-known ports, a port number between 1024 and 65535 is suggested here.
  3. Switch to the "Login" tab. Fill in the remote server's address and your account information, then click the "Login" button below.
  4. When connecting to a server for the first time, a dialog containing the MD5 fingerprint of the remote server's key will pop up. Check the fingerprint carefully to authenticate the real identity of the SSH server.
  5. Open a browser (for example, Firefox). Open menu, then click "Options".
  6. Select "Advanced" in "Options" Dialog. Click "Network" tab, then click "Settings...".
  7. In the "Connection Settings" dialog, select the "Manual Proxy Configuration" option. Choose the proxy type "SOCKS v5", fill in the IP address and port number of the proxy server, then press "OK". Since you are running SOCKS proxy forwarding through the Bitvise SSH Client on the same computer, the IP address should be 127.0.0.1 or localhost, and the port number must be the same as the one set in step 2.
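As an added example (not part of the original article and not Bitvise's code), the following Python shows what the fingerprint in step 4 actually is, an MD5 digest over the server's raw public-key blob, and how to compare it against a value obtained out of band, for instance from the server administrator, so that a substituted key is rejected. The host name, key bytes and known_hosts line are constructed placeholders.

```python
"""Pin and verify an SSH host-key fingerprint (added example, see step 4)."""
import base64
import hashlib
import hmac
import struct

def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data

def fingerprint_md5(blob: bytes) -> str:
    """Legacy OpenSSH/Bitvise style: MD5 of the raw key blob as colon-separated hex."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())

def fingerprint_sha256(blob: bytes) -> str:
    """Modern OpenSSH style: 'SHA256:' plus unpadded base64 of SHA-256(blob)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_known_hosts_line(line: str) -> tuple[str, bytes]:
    """Return (key_type, blob) from 'host key-type base64 [comment]'.

    The key type encoded inside the blob must match the declared one, so a
    truncated or tampered line is rejected instead of being silently hashed.
    """
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("malformed known_hosts line")
    key_type = fields[1]
    blob = base64.b64decode(fields[2], validate=True)  # binascii.Error is a ValueError
    (name_len,) = struct.unpack(">I", blob[:4])  # struct.error if blob is too short
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type in blob does not match declared type")
    return key_type, blob

def verify_host_key(line: str, pinned_md5: str) -> bool:
    """True only if the out-of-band MD5 fingerprint matches the key on the line.

    Accepts 'MD5:'-prefixed or upper-case input; compares in constant time.
    """
    try:
        _, blob = parse_known_hosts_line(line)
    except (ValueError, struct.error):
        return False
    expected = pinned_md5.lower().removeprefix("md5:")
    return hmac.compare_digest(fingerprint_md5(blob).encode(), expected.encode())

# Constructed sample (not a real server): a well-formed ed25519 blob whose 32 key
# bytes are a fixed placeholder, and the known_hosts line a client would store.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_LINE = "ssh.example.test ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()
```

`verify_host_key(SAMPLE_LINE, "<fingerprint from the administrator>")` is the check the Bitvise dialog asks you to do by eye; newer OpenSSH clients display the `fingerprint_sha256` form instead.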

Tips

  • A VPN is created by establishing a virtual point-to-point connection through dedicated connections, virtual tunneling protocols, or traffic encryption, such as PPTP (Point-to-Point Tunneling Protocol) or Internet Protocol Security (IPsec). All data transmission is encrypted, so even if it is intercepted, the attacker will learn nothing about the content of the traffic.
  • As a relay point, the safety and reliability of the VPN server is crucial to the security of your whole communication system. So, if you do not have a dedicated VPN server yourself, you are advised to choose only a well-known VPN provider, such as HideMyAss.[1]
  • SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections; a Secure Shell (SSH) tunnel consists of an encrypted tunnel created through an SSH protocol connection. Users may set up SSH tunnels to transfer unencrypted traffic over a network through an encrypted channel.
