  1. Senior Member
    Join Date
    Oct 2006
    Posts
    288
    #1

    What is the difference between Man-in-the-middle and replay attacks?

    Could someone explain what the difference is between Man-in-the-middle and replay attacks?

    TIA

  3. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    535

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #2
    Replay attack is actually a kind of man in the middle attack. Typically a man in the middle attack is just a catch-all term for nearly any attack where the hacker is capturing traffic between two hosts. Man in the middle may just be someone sniffing packets off the wire. A replay attack is obviously where the attacker captures traffic, and stores or manipulates it before sending it on.

  4. Senior Member
    Join Date
    Aug 2008
    Posts
    2,666

    Certifications
    MCSE: Security, MCTS x 5, P+, S+, N+, A+, HIT
    #3
    A replay attack is when the attacker is able to capture some of your data packets on their way to the intended destination. They will then try to re-use this information to attack your network. You can mitigate this by using strong session security and digital signatures.

    Man in the middle attacks are similar to replay attacks. The attacker will sometimes try to intercept the data or just capture some to use later. They may try to make the sender think they are the legitimate receiver. They may also try to add new messages and pass them on.

    Hope that helps.

  5. Senior Member
    Join Date
    Oct 2006
    Posts
    288
    #4
    Thanks! Helps.

  6. Registered Member Darril's Avatar
    Join Date
    May 2009
    Location
    Virginia Beach, VA
    Posts
    1,569

    Certifications
    MCT, A+, Net+, Security+, CASP, SSCP, CISSP, MCSE, MCITP...
    #5
    Just as Psoasman and LogicBomb508 state, a replay attack is a more specific type of man-in-the-middle attack. I view the biggest difference in the intent. In the man-in-the-middle attack the intent is simply to capture the data, but in a replay attack the intent is to reuse the data in an attack.

    A man-in-the-middle attack is a form of active interception or eavesdropping. An attacker can use a sniffer or protocol analyzer (such as Wireshark) to capture transmitted data. A wireless access point placed in a wireless closet and transmitting captured data to someone outside the building can be considered a man-in-the-middle attack.

    In a replay attack the captured data is later used to formulate an attack using the transmitted data. For example, if the captured data includes credentials, the attacker can use those credentials to impersonate the client with slightly modified data packets.

    Kerberos prevents replay attacks by making sure that all clients are within 5 minutes of each other and rejecting traffic outside of this five-minute timeframe. Five minutes simply isn't enough time to capture the data, crack the credentials, and rebuild the data packets.

    HTH,

    Darril Gibson
    Author: CompTIA Security+: Get Certified Get Ahead
    www.sy0-201.com
    Security+ Blog
    Security Plus: Get Certified Get Ahead
    Security+ Tip of day Tweets
    twitter.com/DarrilGibson
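
The mitigations named in the posts above (message authentication and a five-minute freshness window), as an added example that is not part of any post in this thread. It is a simplified model rather than Kerberos itself; HMAC stands in for a digital signature, and the key, nonce, clock values and the `sign`/`Receiver`/`demo` names are constructed for illustration. It shows that a timestamp window alone still admits a copy resent inside the window, which is why the receiver also remembers recently seen nonces.

```python
import hashlib
import hmac
import json

MAX_SKEW = 300  # seconds; mirrors the five-minute window mentioned in the thread


def sign(key: bytes, body: dict, nonce: str, ts: int) -> dict:
    """Sender side: bind body, nonce and timestamp together under one MAC."""
    payload = json.dumps({"body": body, "nonce": nonce, "ts": ts}, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.seen = key, {}  # seen: nonce -> timestamp, kept while in window

    def accept(self, msg: dict, now: int) -> str:
        expected = hmac.new(self.key, msg["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad MAC (modified in transit)"
        fields = json.loads(msg["payload"])
        if abs(now - fields["ts"]) > MAX_SKEW:
            return "rejected: stale timestamp"
        # Forget nonces that the timestamp check alone would now reject.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if fields["nonce"] in self.seen:
            return "rejected: replay inside window"
        self.seen[fields["nonce"]] = fields["ts"]
        return "accepted"


def demo() -> list:
    key = b"constructed-shared-key"          # constructed sample value
    rx = Receiver(key)
    t0 = 1_700_000_000                       # constructed clock value
    msg = sign(key, {"pay": "alice", "amount": 10}, nonce="n-001", ts=t0)
    tampered = dict(msg, payload=msg["payload"].replace("10", "99"))
    return [
        rx.accept(msg, now=t0 + 2),          # original delivery
        rx.accept(msg, now=t0 + 60),         # captured copy resent a minute later
        rx.accept(msg, now=t0 + 900),        # captured copy resent after the window
        rx.accept(tampered, now=t0 + 3),     # on-path modification of the body
    ]


if __name__ == "__main__":
    print("\n".join(demo()))
```
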

  7. Senior Member
    Join Date
    Oct 2006
    Posts
    288
    #6
    Thanks Darril!

  8. Senior Member teancum144's Avatar
    Join Date
    Jun 2012
    Location
    Pacific Northwest, USA
    Posts
    227

    Certifications
    CISSP, CISA, CPA (inactive), Network+, Security+
    #7
    I realize this is an older thread, but I had the same question. Synthesizing Darril's comments and other research, I came up with the following:

    Man-In-The-Middle: An attack in which communications between two hosts are routed through the attacker’s host. The attacker can observe, modify, and/or block selected traffic before relaying to the intended host. Communications between the target hosts appear normal.

    Replay: An attack in which a copy of communications between two hosts is obtained by the attacker. The attacker retransmits selected portions of the copied communications at a later time for nefarious purposes such as creating duplicate transactions, circumventing authentication, etc.

  9. Junior Member Registered Member
    Join Date
    Apr 2012
    Posts
    2
    #8
    I thought this might also help.

    Here's a simple non-security related analogy of both attacks:

    Man-in-the-middle Attack: In action movies where an intruder will hack into the CCTV (Closed-circuit Television) system and be able to switch off cameras or insert their own video, record video or just watch what's going on.

    Replay Attack: Where an intruder hacks into a CCTV system, and plays a looped video, fooling any people monitoring the cameras into thinking that the looped video is live when it was prerecorded and played again and again. (Although in real replay attacks the packets will need to be modified before they can be used in the attack)

    Hope this helps!