I was surfing the web at 3 in the morning and I got a warning which seems to indicate a MITM attack. Does this mean the attacker was able to passive sniff my activity in real-time in order to launch the attack?
Asked
Active
Viewed 149 times
2
-
Did you get the SSL certificate warning message when browsing the HTTPS site ? – ifexploit Jul 01 '15 at 06:27
-
Where did the warning come from? – Konrad Gajewski Jul 01 '15 at 11:03
-
Yes! I did get a certificate warning with the yellow badge and man in the hat.It was an https site! It came from my student loan page where I have to login to view my account. So did an attack happen in real time? – user7149 Jul 01 '15 at 17:05
1 Answers
1
I think Yes, it has to be in real time.
As I understand the attack, it poisons the cache of arp entries in your OS using arp replies, and due to ARP protocol standards, it updates the cache of the OS immediately even if the entries is not expired.
After the attack is finished, the OS updates the ARP cache after multiple 'futile' requests using the poisoned cache.
![](../../users/profiles/28790.webp)
Eibo
- 2,485
- 3
- 19
- 32