Man-in-the-Middle Attack
Dear All
Below is the Oracle MITM attack technique:
Man-in-the-middle (MITM) is a technique attackers use to intercept and forward connections. The following explanation from Wikipedia describes the attack in detail:
“In cryptography, the man-in-the-middle attack (often abbreviated MITM), or bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle).”
Moreover, the explanation from SearchSecurity provides a complementary definition:
“The attack gets its name from the ball game where two people try to throw a ball directly to each other while one person in between them attempts to catch it. In a man in the middle attack, the intruder uses a program that appears to be the server to the client and appears to be the client to the server. The attack may be used simply to gain access to the message, or enable the attacker to modify the message before retransmitting it. Man in the middle attacks are sometimes known as fire brigade attacks. The term derives from the bucket brigade method of putting out a fire by handing buckets of water from one person to another between a water source and the fire.”
From SearchSecurity.
From our point of view, man-in-the-middle attacks are the way to obtain access to Oracle connections and to abuse live Oracle connections. It’s important to note that Oracle connections from client to server and vice versa are commonly unencrypted.
Different protocols and techniques can be used to achieve man-in-the-middle attacks;
Thank you
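Since the post notes that Oracle client/server connections are commonly unencrypted, the following added example (not part of the original post, and not Oracle's own tooling) audits the text of a server-side sqlnet.ora for native network encryption and integrity settings that still allow an unprotected session. It assumes each parameter sits on a single line; the function names and both sample files are constructed for illustration.

```python
import re

# Server-side negotiation parameters for Oracle native network encryption
# and integrity. Only REQUIRED refuses a peer that will not use the service;
# ACCEPTED (the default when unset), REQUESTED and REJECTED can all end in
# an unprotected session.
CHECKED = ("SQLNET.ENCRYPTION_SERVER", "SQLNET.CRYPTO_CHECKSUM_SERVER")
DEFAULT = "ACCEPTED"

def parse_sqlnet(text):
    """Return {PARAMETER: value} for single-line NAME = value entries."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"^([A-Za-z0-9_.]+)\s*=\s*(.+)$", line)
        if m:
            params[m.group(1).upper()] = m.group(2).strip()
    return params

def audit(text):
    """List parameters that let a client negotiate protection off."""
    params = parse_sqlnet(text)
    findings = []
    for name in CHECKED:
        value = params.get(name, DEFAULT).strip("() ").upper()
        if value != "REQUIRED":
            state = value if name in params else "unset (default ACCEPTED)"
            findings.append(f"{name} is {state}: unprotected sessions possible")
    return findings

# Constructed sample files, not taken from the page.
WEAK = """\
# constructed sample
SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
"""
HARDENED = """\
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA256)
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "OK")
```

Setting the server side to REQUIRED makes clients that cannot or will not negotiate the service fail to connect, so client compatibility should be checked before enforcing it.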