0

If I send from A to B an information, the "Man in the middle" can change the value data sent or he/she can only sniff it?

Charles
  • 50,943
  • 13
  • 104
  • 142
user502052
  • 14,803
  • 30
  • 109
  • 188
  • 2
    straight from the wiki: In cryptography, the man-in-the-middle attack (often abbreviated MITM), bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances – Mitch Wheat Jan 11 '11 at 02:56
  • Yes. That's one of the risks of this attack. – Gert Grenander Jan 11 '11 at 02:57
  • 1
    The answer to this question depends on the details of the situation. Man-in-the-middle attacks are a class of attacks, not just a single attack. – Keith Irwin Jan 11 '11 at 02:59

1 Answers1

2

the answer depends upon the technologies involved.

1 if you do nothing to prevent the mitm attack, the man in the middle can both sniff and change your data. if you look up arp spoofing, you'll see a very simple way to play mitm - and you'll find tool sthat automate the work.

2 you can use crypto protocols like TLS, designed to prevent both sniffing and changingof data. if, however, you use a broken implementation, broken protocol, or weak algorithms, you're back to #1

3 you can use crypto that will provide only sniffing or changing data. for example, digital signatures effectively garuantee that the data hasn't changed, but the signature does nothing to protect the data from being read. similarly, a one time pad will make it impossible to read your data, but won't prevent blind tampering (there was an old problem with automatic teller machines, where it was possible to flip random bits to change the value of a deposit, hoping to make it larger tthan what you really deposited)

atk
  • 9,244
  • 3
  • 32
  • 32