On-path Attacks
(OBJ 2.4)
On-Path Attack
- An attack where the attacker positions their workstation logically between two hosts during communication
- The attacker transparently captures, monitors, and relays communications between those hosts
Methods for On-Path Attacks
- ARP Poisoning
- Manipulating Address Resolution Protocol (ARP) tables to redirect network traffic
- DNS Poisoning
- Altering DNS responses to reroute traffic
- Rogue Wireless Access Point
- Creating a fake wireless access point to intercept traffic
- Rogue Hub or Switch
- Introducing a malicious hub or switch to capture data on a wired network
Replay Attack
- Occurs when an attacker captures valid data and then replays it immediately or with a delay
- Common in wireless network attacks; can also be used in wired networks
- Example:
- If we can capture an authentication handshake between two hosts, we can then replay it to the authentication server so that it will think we are an authenticated client too and give us access to the network or its resources.
- This only works when the server cannot tell a replayed message from a fresh one; protocols that bind each exchange to a one-time nonce, timestamp, or sequence number reject the replay.
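Worked example (added here, not from the original notes) of the authentication replay described above, with both sides' messages. The attacker only sees the wire and never learns the key. The shared key, the client name and the two toy protocols are constructed for the demo: a naive server that accepts any correctly tagged login, and a server that issues a one-time nonce the tag must cover.

```python
import hashlib
import hmac
import os

# Assumption for the example: client and server share a symmetric key that
# the attacker does not have.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"


def tag(*parts: bytes) -> bytes:
    """HMAC-SHA256 over the concatenated message parts."""
    return hmac.new(SHARED_KEY, b"".join(parts), hashlib.sha256).digest()


class NaiveServer:
    """Accepts any correctly tagged login. Nothing ties the message to 'now'."""

    def verify(self, client_id: bytes, mac: bytes) -> bool:
        return hmac.compare_digest(tag(client_id), mac)


class NonceServer:
    """Issues a fresh one-time nonce per login; the tag must cover it."""

    def __init__(self):
        self.outstanding = set()

    def challenge(self) -> bytes:
        n = os.urandom(16)
        self.outstanding.add(n)
        return n

    def verify(self, nonce: bytes, client_id: bytes, mac: bytes) -> bool:
        if nonce not in self.outstanding:
            return False                    # unknown or already consumed nonce
        self.outstanding.discard(nonce)     # single use, so a replay fails
        return hmac.compare_digest(tag(nonce, client_id), mac)


def run_exchange():
    client_id = b"alice"
    results = {}

    # Naive protocol.  client -> server: (id, HMAC(id))
    naive = NaiveServer()
    captured = (client_id, tag(client_id))              # attacker sniffs this
    results["naive_first"] = naive.verify(*captured)     # legitimate login
    results["naive_replay"] = naive.verify(*captured)    # attacker replays it later

    # Nonce protocol.  server -> client: nonce
    #                  client -> server: (nonce, id, HMAC(nonce || id))
    srv = NonceServer()
    nonce = srv.challenge()
    captured = (nonce, client_id, tag(nonce, client_id))
    results["nonce_first"] = srv.verify(*captured)
    results["nonce_replay"] = srv.verify(*captured)      # nonce already consumed
    # Even against a fresh challenge the old capture is useless: its tag does
    # not cover the new nonce, and the attacker cannot compute a new one.
    new_nonce = srv.challenge()
    results["nonce_replay_new_challenge"] = srv.verify(new_nonce, client_id, captured[2])
    return results


if __name__ == "__main__":
    for k, v in run_exchange().items():
        print(f"{k:28s} accepted={v}")
```

The point to take from it: encryption or integrity protection alone does not stop replay. The capture is valid ciphertext with a valid tag; what stops it is freshness that the server checks.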
Relay Attack
- The attacker becomes part of the conversation between two hosts
- Serves as a proxy and can read or modify communications between the hosts
- Any traffic between the client and server goes through the attacker
- Remember: relay involves getting the information and then passing it on, or intercepting it, changing it, and then passing it on.
Challenges with Replay and Relay
- Encryption can make interception and crafting communication difficult
- Strong encryption schemes like TLS 1.3 can pose significant challenges for attackers
- Techniques like SSL stripping may be used to downgrade encryption to an unsecured connection
- SSL Stripping
- An on-path relay in which the attacker keeps the victim's side of the connection on plain HTTP while making the HTTPS connection to the server itself, rewriting https:// links in the pages it passes back to http:// so the victim never upgrades
- Enables attackers to capture unencrypted data when the user believes they are using a secure connection
- Fails when the browser already insists on HTTPS for that site, e.g. through HTTP Strict Transport Security (HSTS), ideally preloaded, because the attacker then never gets a plaintext connection to work with
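Worked example (added here, not from the original notes) covering both the relay attack above and SSL stripping as one instance of it: the on-path box fetches the real page over HTTPS, drops the HSTS header, rewrites https:// links to http:// and fixes Content-Length before relaying the page to the victim over plain HTTP. The origin response, the host `bank.example` and the minimal browser model are constructed; the browser's HSTS cache is what decides whether the attacker ever sees plaintext.

```python
import re

# Constructed origin response, i.e. what the real site sends over HTTPS.
ORIGIN_BODY = (b'<a href="https://bank.example/login">Log in</a>'
               b'<form action="https://bank.example/pay">')
ORIGIN_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Content-Type: text/html\r\n"
                   b"Strict-Transport-Security: max-age=31536000\r\n"
                   b"Content-Length: " + str(len(ORIGIN_BODY)).encode() + b"\r\n"
                   b"\r\n" + ORIGIN_BODY)


def strip_relay(https_response: bytes) -> bytes:
    """What the on-path relay does to each response it fetched over HTTPS
    before passing it to the victim over plain HTTP."""
    head, sep, body = https_response.partition(b"\r\n\r\n")
    status, *headers = head.split(b"\r\n")
    # 1. drop HSTS so the browser never learns to insist on https
    headers = [h for h in headers
               if not h.lower().startswith(b"strict-transport-security:")]
    # 2. rewrite absolute https links so the victim keeps talking http to us
    body = body.replace(b"https://", b"http://")
    # 3. fix Content-Length, since the body shrank
    headers = [b"Content-Length: " + str(len(body)).encode()
               if h.lower().startswith(b"content-length:") else h
               for h in headers]
    return b"\r\n".join([status] + headers) + sep + body


class Browser:
    """Minimal client model: the HSTS cache decides whether http is attempted."""

    def __init__(self, hsts_hosts=()):
        self.hsts = set(hsts_hosts)      # preloaded or previously learned hosts

    def fetch(self, url: str, relay=strip_relay) -> str:
        scheme, host = re.match(r"(https?)://([^/]+)", url).groups()
        if scheme == "http" and host in self.hsts:
            return "blocked: HSTS requires https for " + host
        # Plain http goes through the attacker; https goes to the origin,
        # which the on-path box can neither read nor modify.
        resp = relay(ORIGIN_RESPONSE) if scheme == "http" else ORIGIN_RESPONSE
        head, _, body = resp.partition(b"\r\n\r\n")
        if b"strict-transport-security:" in head.lower():
            self.hsts.add(host)          # learn the policy for next time
        return body.decode()


def run_scenarios():
    out = {}
    # Victim types the hostname, browser defaults to http, attacker answers.
    out["naive_http"] = Browser().fetch("http://bank.example/")
    # Preloaded HSTS: the http request is never sent.
    out["preloaded"] = Browser(["bank.example"]).fetch("http://bank.example/")
    # A prior clean https visit taught the browser the policy.
    b = Browser()
    b.fetch("https://bank.example/")
    out["after_https_visit"] = b.fetch("http://bank.example/")
    return out


if __name__ == "__main__":
    for k, v in run_scenarios().items():
        print(f"{k}: {v}")
```

Note that the relay has to keep the HTTP framing consistent (hence the Content-Length fix); a real stripping proxy also rewrites redirects and cookies' Secure flags, which this example leaves out.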
Downgrade Attack
- An attacker forces a client or server to abandon a higher security mode in favor of a lower security mode
- Scope of Downgrade Attacks
- Downgrade attacks can be used with various encryption and protection methods, including Wi-Fi and VPNs
- Any situation where a client agrees to a lower level of security that is still backward compatible can be vulnerable to a downgrade attack
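Worked example (added here, not from the original notes) of a version downgrade on a TLS-style negotiation, and of the two checks that defeat it. The on-path attacker removes the strongest version from the ClientHello; the server honestly picks the best remaining one. RFC 8446 section 4.1.3 has a TLS 1.3-capable server mark such a fallback by putting a sentinel in the last 8 bytes of ServerHello.random (`444F574E47524401` when it negotiates TLS 1.2, `444F574E47524400` for TLS 1.1 or below), which a TLS 1.3 client checks. The message dictionaries, the version sets and the `min_version` policy knob are constructed for the demo; this is not a real TLS stack.

```python
import os

TLS = {"1.1": 0x0302, "1.2": 0x0303, "1.3": 0x0304}
NAME = {v: k for k, v in TLS.items()}

# RFC 8446 section 4.1.3 downgrade sentinels (last 8 bytes of ServerHello.random)
DOWNGRADE_TLS12 = bytes.fromhex("444F574E47524401")
DOWNGRADE_TLS11 = bytes.fromhex("444F574E47524400")


def client_hello(versions):
    return {"supported_versions": sorted(versions, reverse=True)}


def server_hello(hello, server_versions):
    """Pick the highest common version; a 1.3 server marks any fallback."""
    common = [v for v in hello["supported_versions"] if v in server_versions]
    if not common:
        raise ValueError("no common version")
    chosen = max(common)
    random = bytearray(os.urandom(32))
    if TLS["1.3"] in server_versions:
        if chosen == TLS["1.2"]:
            random[24:] = DOWNGRADE_TLS12
        elif chosen < TLS["1.2"]:
            random[24:] = DOWNGRADE_TLS11
    return {"version": chosen, "random": bytes(random)}


def on_path_strip(hello, drop):
    """Attacker rewrites the ClientHello to remove one offered version."""
    return {"supported_versions": [v for v in hello["supported_versions"] if v != drop]}


def client_accepts(offered, sh, min_version, check_sentinel):
    """Two independent defences: a policy floor, and the 1.3 sentinel check."""
    if sh["version"] < min_version:
        return False, "below minimum version"
    if (check_sentinel and TLS["1.3"] in offered and sh["version"] < TLS["1.3"]
            and sh["random"][24:] in (DOWNGRADE_TLS12, DOWNGRADE_TLS11)):
        return False, "downgrade sentinel present"
    return True, NAME[sh["version"]]


def run():
    server = {TLS["1.3"], TLS["1.2"], TLS["1.1"]}
    out = {}

    # Modern client, no attacker: negotiates 1.3.
    modern = [TLS["1.3"], TLS["1.2"], TLS["1.1"]]
    out["clean"] = client_accepts(modern, server_hello(client_hello(modern), server),
                                  TLS["1.2"], True)

    # Attacker strips 1.3; server falls back to 1.2 and sets the sentinel,
    # the 1.3-capable client notices and aborts.
    tampered = on_path_strip(client_hello(modern), TLS["1.3"])
    out["stripped_modern_client"] = client_accepts(modern, server_hello(tampered, server),
                                                   TLS["1.2"], True)

    # Legacy client offering 1.2/1.1 with no sentinel check and a 1.1 floor:
    # attacker strips 1.2 and it happily talks 1.1.
    legacy = [TLS["1.2"], TLS["1.1"]]
    tampered = on_path_strip(client_hello(legacy), TLS["1.2"])
    out["stripped_legacy_client"] = client_accepts(legacy, server_hello(tampered, server),
                                                   TLS["1.1"], False)
    # Same legacy client, but policy raises the floor to 1.2: refused.
    out["stripped_with_floor"] = client_accepts(legacy, server_hello(tampered, server),
                                                TLS["1.2"], False)
    return out


if __name__ == "__main__":
    for k, v in run().items():
        print(f"{k:24s} {v}")
```

The general lesson matches the note above: the attack needs a client that will still accept the weaker option. Removing backward compatibility (the floor) closes it outright; the sentinel closes it for clients that must keep the fallback but can detect that it was forced.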