Question

QUESTION 3 In the Betty Davis case in the beginning of Chapter 7, the access point did not have security. This makes a MIM attack much easier. What is the Man-in-the-middle attack? How is it possible to use a MIM attack if the legitimate access point does not implement 802.11i?

Answer 1

Answer:

A MITM attack happens when a communication between two systems is captured by an outside substance. This can occur in any type of online communication, for example, email, web-based social networking, web surfing, and so forth. In addition to the fact that they are endeavoring to spy on your private discussions, they can likewise focus on all the data inside your gadgets.

Taking endlessly every one of the details, the idea of a MITM attack can be portrayed in a basic situation. Envision being taken back to the times of old when snail mail was overflowing. Jerry composes a letter to Jackie communicating his adoration for her following quite a while of concealing his sentiments. He sends the letter to the mail station and it's gotten by an intrusive mailman. He opened it and, only for no reason whatsoever, he chose to change the letter before conveying the mail to Jackie. This outcomes in Jackie despising Jerry for whatever is left of her life after "Jerry" called her a fat dairy animals. The lesson of the story is the mailman is a yank, as are hackers.

A more present day illustration would be a hacker sitting amongst you (and your program) and the site you're going to block and catch any information you submit to the site, for example, login certifications or monetary data.

Since the management outlines do not have any respectability assurance, building up a man in the middle with IEEE 802.11 based systems is simple . MiMs can be built up paying little mind to any insurances (WPA, RSN, VPN, et cetera) that you may utilize yet don't really represent a risk if the security protocol is solid. MiM attacks are conceivable in light of the fact that there are no honesty ensures gave at the link (layer 2), and MAC addresses are effortlessly manufactured.

The attack starts (accepting that the objective STA is now related to an AP) by the attacker issuing a Deauthentication message to the objective STA. This causes the STA to drop its relationship with its current AP and look to reassociate with another (perhaps the old) AP. In the meantime, the attacker builds up a pernicious AP with the same ESSID and MAC address as an AP inside scope of the attacker yet on an unexpected divert in comparison to the legitimate AP. The objective STA partners with the attacker's phony AP on the grounds that it is refused assistance at the substantial AP by the attacker's manufactured Deauthentication messages. Once the STA has related with the counterfeit AP, the fake AP promptly connects with the substantial AP and starts sending all movement so authentication (if utilized as in WPA or RSN) finishes.

DEAR PLEASE DO RATE IT IF HELPS ELSE LET ME KNOW YOUR DOUBT.

THANK YOU!!!