Forensic Analysis of MITM Attacks
Captured network traffic from a suspected MITM attack can be analyzed to determine whether a MITM attack actually took place. Important evidence to examine when doing network forensics on a suspected SSL MITM attack includes:
- IP address of the server
- DNS name of the server
- X.509 certificate of the server
- Is the certificate self signed?
- Is the certificate signed by a trusted CA?
- Has the certificate been revoked?
- Has the certificate been changed recently?
- Do other clients, elsewhere on the Internet, also get the same certificate?
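The checklist above can be applied mechanically to certificate observations pulled from captures. The following is an added example, not code from the original article: it takes constructed observation records (vantage labels, IPs, DNS names, issuer names and fingerprints are all made up), an assumed trust store and an assumed revocation list, and reports which of the listed indicators hold for the certificate one client saw, including whether clients elsewhere on the Internet received the same certificate and server IP.

```python
# Added example (not from the original article); all sample data is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class CertObservation:
    time: int          # capture time, epoch seconds
    vantage: str       # where the capture was taken
    server_ip: str
    dns_name: str
    subject: str
    issuer: str
    fingerprint: str   # SHA-256 fingerprint of the DER certificate

TRUSTED_CAS = {"CN=Example Root CA"}     # assumption: the analyst's trust store
REVOKED_FINGERPRINTS = {"sha256:1111"}   # assumption: result of a CRL/OCSP check

def triage(observations, vantage, dns_name):
    """Findings for the newest certificate that `vantage` saw for dns_name."""
    local = sorted((o for o in observations
                    if o.vantage == vantage and o.dns_name == dns_name),
                   key=lambda o: o.time)
    if not local:
        return ["no observation for that vantage point and name"]
    cur, findings = local[-1], []
    if cur.subject == cur.issuer:
        findings.append("self-signed certificate")
    elif cur.issuer not in TRUSTED_CAS:
        findings.append(f"issuer not in trust store: {cur.issuer}")
    if cur.fingerprint in REVOKED_FINGERPRINTS:
        findings.append("certificate is revoked")
    if any(o.fingerprint != cur.fingerprint for o in local[:-1]):
        findings.append("certificate changed since an earlier capture")
    # Compare against what clients elsewhere on the Internet received.
    others = [o for o in observations
              if o.vantage != vantage and o.dns_name == dns_name]
    if others and all(o.fingerprint != cur.fingerprint for o in others):
        findings.append("no other vantage point sees this certificate")
    if others and all(o.server_ip != cur.server_ip for o in others):
        findings.append("server IP differs from other vantage points")
    return findings

OBSERVATIONS = [  # constructed sample: the later office capture looks interposed
    CertObservation(100, "office", "203.0.113.10", "mail.example.test",
                    "CN=mail.example.test", "CN=Example Root CA", "sha256:aaaa"),
    CertObservation(100, "remote-1", "203.0.113.10", "mail.example.test",
                    "CN=mail.example.test", "CN=Example Root CA", "sha256:aaaa"),
    CertObservation(200, "office", "198.51.100.7", "mail.example.test",
                    "CN=mail.example.test", "CN=mail.example.test", "sha256:bbbb"),
]
```

Running `triage(OBSERVATIONS, "office", "mail.example.test")` flags the second office capture on four of the listed indicators, while the same call for `"remote-1"` returns no findings.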