Print this chapterPrint this chapter

Chapter 17 Common Types of Attacks

2. Technology Based Attacks

2.3. On-Path Attack

On-Path Attack slide

Audio 

 

Transcript

So the next thing we're going to talk about is an On-Path Attack 

This used to be called the Man-in-the-Middle attack, still is, but for the test, you need to know On-Path Attack. 

In this attack a person positions themselves between two computers. 

It intercepts the packets that are intended for one, it reads the data, then sends it on.  

So basically, it's not keeping the data from going where it needs to go, it's just capturing that data and then using it for nefarious reasons. 

Examples of that are rogue ATM or credit card swipers. 

It's a device that can be plugged into an ATM, and when you swipe your card, it reads that, it reads your card and it steals all the information off of it, but the bank it still gets the information for you to be able to use the ATM.  

So, unless you know they're there or know what to look for, you may never know that you were a victim of a swiper. 

Gas stations are notorious where somebody will come by and put one on the pump.  

When you put your card in, it reads all that information as well, and then the bad guys have your credit card information.  

They might get your pin, et cetera, but that's what an on-path attack is.  

It doesn't have to be just a credit card swiper.  

You can position yourself in between. 

If you can get into a network, you may be able to get between two computers that are exchanging data.  

So, I talked about that school where the bad guys hacked in, and basically they were reading emails, they were intercepting emails and reading them to learn how the school operated, what its procedures were for payroll and then sending those emails along. 

And then when it came time for them to do their attack, they knew what they were doing because they had read all this information. 

Same thing, but a credit card swiper is a really common way today.  

Whenever I get out at a gas station or an ATM, I shake the card reader to see if it will come loose or not, so that's one way of doing it.  

But anyway, those are those types of devices.  

It was called a man in the middle attack. 

Still is by most people in the industry, but for test purposes it's the on-path attack.