Hello! During
Computer Security Training Cycle Intermediate SMR, this week we are studying Intrusion Detection Systems, and we have focused on Patriot NG, a Host-IDS for Windows systems. In this post I want to show how an IDS can protect against an attack Man in the Middle.
In the first video we'll see what happens when a team suffers unprotected IDS MITM attack. We will see the attacker to use Ettercap to poison the ARP caches of victims and capture the traffic with Wireshark, obtaining the password that the attacked computer user just typed into your browser:
As you can see in the video, the computer is tricked attacked without the user noticing anything, and therefore, the attacker can capture traffic sent from the victim and obtain, for example, passwords .
In the next video we'll see what happens when the team we have working Patriot NG:
As we see, the attacked computer user is shown a message alerting you Patriot NG that an entry in the ARP cache has been modified, and offered the possibility of reversing the change, thus avoiding the MITM attack.
Greetings!
0 comments:
Post a Comment