1.2 Man-in-the-middle
The Man-in-the-middle (MITM) attack is possible in
both wired and wireless networks. In a wired network,
one either needs to spoof DNS requests or ARP requests
or compromise a valid gateway machine to obtain access
to the client's traffic. In a wireless network, since there is
no authentication of the network, or because the client is haphazardly
using an untrusted hotspot, the MITM is relatively
simple. The attacker connects (using wireless) to a wireless
network. He then provides service to other clients with
another access point that has the same SSID as the host network.
Clients associate with the attacker's “rogue” access
point and traffic is routed through the attacker's router. The
attacker can not only sniff, but can actually change the traffic,
insert viruses into downloaded files, change web pages,
and use known vulnerabilities in browser scripting to attack
the client machines when they visit well-known web pages.
This attack is particularly nefarious and easy to perform,
even on sophisticated users. In addition, the encryption between
the access point (rogue) and client does not protect
the client.
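
A defender-side check for the rogue access point described above, added here as an example and not part of the original paper: it compares beacons seen by a monitoring sensor against an inventory of sanctioned access points and reports any that advertise the same SSID without matching the inventory. The SSID, BSSIDs, inventory layout and scan records are constructed assumptions.

```python
# Added example: flag possible rogue ("evil twin") access points in a Wi-Fi scan.
# All names and values below are constructed for illustration.

# Assumed inventory of sanctioned access points:
#   SSID -> {BSSID (lowercase): (channel, security)}
KNOWN_APS = {
    "CorpNet": {
        "00:11:22:33:44:01": (1, "WPA2-Enterprise"),
        "00:11:22:33:44:02": (6, "WPA2-Enterprise"),
    },
}

UNKNOWN_BSSID = "unknown BSSID advertising a sanctioned SSID"
SECURITY_MISMATCH = "known BSSID with different security settings"
CHANNEL_MISMATCH = "known BSSID on an unexpected channel"

# Constructed beacon records: (ssid, bssid, channel, security)
SAMPLE_SCAN = [
    ("CorpNet", "00:11:22:33:44:01", 1, "WPA2-Enterprise"),   # sanctioned
    ("CorpNet", "00:11:22:33:44:02", 6, "WPA2-Enterprise"),   # sanctioned
    ("CorpNet", "02:00:00:AA:BB:CC", 6, "Open"),              # same SSID, new radio
    ("CorpNet", "00:11:22:33:44:02", 11, "Open"),             # cloned BSSID, no encryption
    ("CoffeeShop", "02:00:00:11:22:33", 3, "Open"),           # not our SSID, ignored
]


def find_rogue_aps(scan, known=KNOWN_APS):
    """Return (bssid, reason) for each beacon that uses one of our SSIDs
    but does not match the inventory entry for that SSID."""
    findings = []
    for ssid, bssid, channel, security in scan:
        if ssid not in known:
            continue  # only SSIDs we operate are in scope
        bssid = bssid.lower()
        expected = known[ssid].get(bssid)
        if expected is None:
            findings.append((bssid, UNKNOWN_BSSID))
        elif security != expected[1]:
            findings.append((bssid, SECURITY_MISMATCH))
        elif channel != expected[0]:
            findings.append((bssid, CHANNEL_MISMATCH))
    return findings


if __name__ == "__main__":
    for bssid, reason in find_rogue_aps(SAMPLE_SCAN):
        print(f"ALERT {bssid}: {reason}")
```

A clean result does not prove that no rogue access point is present, because BSSID, channel and security settings can all be copied; the check only catches impostors that differ from the inventory in one of those fields.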