Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [man-in-the-middle]

41 questions
62
votes
6 answers

How to remove strict RSA key checking in SSH and what's the problem here?

I have a Linux server that whenever I connect it shows me the message that changed the SSH host key: $ ssh root@host1 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ …
setatakahashi
  • 1,367
  • 2
  • 11
  • 15
36
votes
7 answers

MITM attacks - how likely are they?

How likely are "Man in the Middle" attacks in internet security? What actual machines, apart from ISP servers, are going to be "in the middle" of internet communications? What are the actual risks associated with MITM attacks, as opposed to the…
CJ7
  • 653
  • 9
  • 24
15
votes
4 answers

Setting up a transparent SSL proxy

I've got a linux box set up with 2 network cards to inspect traffic going through port 80. One card is used to go out to the internet, the other one is hooked up to a networking switch. The point is to be able to inspect all HTTP and HTTPS traffic…
badunk
  • 215
  • 1
  • 2
  • 11
8
votes
4 answers

Man In The Middle Attacks vs. SSL Certificate Authorities

What stops someone from MITM-attacking the request to the certificate authority to verify the certificate? Does the browser come pre-loaded with the public keys of the trusted certificate authorities (thereby providing authentication)? Whenever I…
scotjam
  • 83
  • 1
  • 3
6
votes
1 answer

Possible migrating openssh-server fingerprint?

I have upgrade my server to a new OS and newer hardware. But newly installed OS generated a new set of fingerprint / server keys. Is there anyway I could copy it from my old server to new server. In order to remove the security warning from…
c2h2
  • 759
  • 2
  • 8
  • 20
6
votes
1 answer

ssh - How does the option CheckHostIP=yes really help me?

There are many discussions about this option and most people argue that "it improves security", "it protects you from MiTM attacks/DNS spoofing", etc, but I fail to see how that is true. ssh_config(5) says that the option "allows ssh to detect if a…
AndroidX
  • 218
  • 1
  • 5
5
votes
3 answers

Is a self signed cerificate secure from man in the middle once you have accepted it

I have a mail server that has a self signed SSL certificate. I use Thunderbird to access this server, and it asks me to accept this certificate. So lets say I accept this in a semi secure location, for example on a local network. Then move on to an…
Don Juan
  • 53
  • 2
4
votes
1 answer

Problems using HSTS header at top level domain with includeSubdomains

Let's say I run a company "Example Inc" and have a website at: https://www.example.com Now because I'm security conscience I'm using https and would like to set the HSTS header to force its use. I'd also includeSubdomains for a long time, let's say…
Barry Pollard
  • 4,461
  • 14
  • 26
3
votes
4 answers

Open Source project that does SSL Inspection

I've been assigned to research out and spec replacing our old and decrepit http content filtering system. There are several open source filtering packages available but I've not come across one that does SSL inspection. The new system will scale to…
user21464
  • 33
  • 1
  • 4
3
votes
4 answers

VPN - Man-in-the-middle when connecting to a https service?

Choosing an off-the-shelf VPN service, is it safe to access my Gmail, Paypal, ... accounts? The accounts are accessed via https, but I don't know if with a VPN there is one secure channel between my computer and the https server, or two, i.e [me]…
Majid Fouladpour
  • 269
  • 4
  • 19
3
votes
4 answers

How can one perform a man-in-the-middle attack over a wireless connection?

I have recently setup a wireless network for a friend's business, and he asked me if there was any way someone could "hack" it. I assured him it would be extremely difficult once I setup a WPA2 key. This got me thinking, how can I really be sure…
John Rasch
  • 163
  • 4
  • 10
2
votes
3 answers

Once I ensure security out of the building, am I safe from Man in the Middle attacks?

Say I want to engage in an action that can be compromised through a man-in-the-middle attack (like key exchange). I've done my best to secure my end of the communication up until the point the network leaves the building: I make sure my machine is…
Shalmanese
  • 121
  • 1
2
votes
1 answer

Authentication of saltmaster against salt minions

I am just getting started with salt and I am wondering how the saltmaster is being authenticated against the clients. I know that when connecting a minion the master has to accept the public key of the minion and therefore no unauthorized minions…
Alexander
  • 23
  • 3
2
votes
2 answers

Simple working example of a Man-in-the-Middle attack?

I'm trying to research and patch a TLS renegotiation exploit which makes a website vulnerable to Man-in-the-Middle attacks. However, I don't understand how the attack occurs exactly and feel like a simple working example would help. How does an…
Socrates
  • 23
  • 3
2
votes
1 answer

How rare is a man in the middle attack?

I was wondering if I should set up a secure connection for the db administration application (phpmyadmin) for my sites. They don't store credit cards nor anything that could be valuable for a hacker.
HappyDeveloper
  • 315
  • 1
  • 3
  • 7
1
2 3