Jump to content

“ICMP Redirect” MITM network attack


Recommended Posts

Did you read the page you linked? Specifically, this line:

Since the attack is happening on the IPs that the user access – it does not necessarily mean that the attacker had visibility to encrypted traffic that some of the above services are enforcing.

which they helpfully put in bold in the original text, suggesting it might be relevant to take note of.

Bottom line is that via the attack an MITM situation is achieved whereby both sides of a connection knowingly send their data through you, thinking you're the other party. The data being sent is the same data that you would otherwise be able to trap using wireshark once an MITM situation is achieved. Which is going to be encrypted data in all of those sites once the browser used has visited those sites at least one time before (due to HSTS), and quite possibly, depending on the browser used, even without the browser having visited those sites before.

HSTS prevents a browser from accessing a site via unencrypted means for a certain timeframe, typically a few months, which is re-affirmed (the end-time for the timeframe is pushed back) each time the site is accessed. The best way to remove HSTS is to get the host to tell the client, over its encrypted connection, that the HSTS timeframe is 1, meaning it will time out almost immediately. Only then will you be able to convince the client to create an insecure connection with the server. But this requires you break SSL first, which, last time I checked, is still kinda hard.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...