2

Reading other questions such as this or this or this, it seems if I'm the only one using the wifi connection at home I can be sure no man in the middle attack is happening, because there is no way to stand in the middle due to lack of physical access to network infrastructure.

Am I right? or there is a way to arbitrarily choose someone over internet and become the man-in-the-middle of their connection by some method?

I'm also assuming

  • the government agencies are not spoofing on my connection (or if they are, they are so advanced there is no way to defeat them anyway).
  • no one at my ISP cares about my connection to spoof it.
  • My ISP is not compromised.
hkoosha
  • 123
  • 4
  • 1
    DNS poisoning can direct traffic to a malicious 'middle' too. – schroeder Aug 06 '15 at 18:34
  • @schroeder but poisoning dns queries has the same constraints mentioned above, isn't it? (assuming the dns server itself is not compromised). – hkoosha Aug 06 '15 at 19:38

2 Answers2

4

Not necessarily.

There are numerous attack vectors that can expose you to a man-in-the-middle-attack in this instance:

  • A Rogue Access Point. Someone impersonates your AP and forwards the traffic on to the AP, thus allowing them to perform a man in the middle attack on your network traffic.

  • DNS-based attack (as pointed out by schroeder's comment): What DNS servers are you using? If those DNS servers are compromised, they can redirect you to a man in the middle attack. If you're using your local router as a DNS server, it could be compromised to point to malicious DNS servers, among other methods. If your local computer is compromised with malware etc, it could be pointing to malicious DNS servers (although int his case a man in the middle attack might be superfluous, since they're already in your computer)

  • The other end of the connection. If the endpoint network you're connecting to has been compromised, the man in the middle attack can be conducted from the network on the other end. This would be a less realistic issue in the case of large sites, but for personally-operated servers/sites this may be a viable attack vector.

But yes, as you point out there is no way for a random entity on the internet, without access to a privileged position like an Internet Exchange (IX) or an ISP, to carry out a man in the middle attack at whim. They would typically have to compromise, somehow, the local network on either end of the connection to launch such an attack.

Herringbone Cat
  • 4,242
  • 15
  • 19
0

To add to Herringbone_Cat's answer:

There is another type of attack called IP hijacking, where the attacker announces that their router has the "better" route to an IP address. If they are convincing enough, the entire internet could start routing traffic to that IP address through the attacker's router. If successful, MITM is just one of many exploits that can be done once an IP address (or more typically a block of IP addresses) has been hijacked.

TTT
  • 9,122
  • 4
  • 19
  • 31
  • While this is theoretically possible, what you are talking about is a BGP attack. This is very technically infeasible unless you have access to peered devices or peering information at an ISP. Within most home local networks, the subnet is flat and there aren't VLANs, so this type of an attack would rely upon ARP spoofing and other typical MITM means. On the open internet, it would be a highly unlikely event that would be noticed by ISPs and reporters. – Herringbone Cat Aug 06 '15 at 21:37
  • @Herringbone_Cat but this has happened before, if I'm not mistaken? – hkoosha Aug 07 '15 at 01:19
  • 1
    @loolooyyyy Yes, but only a handful of times and there is no record of it ever having been done by malicious hackers. https://en.wikipedia.org/wiki/IP_hijacking – Herringbone Cat Aug 07 '15 at 03:16