On Path Attacks 2.4

Question 1

In an […] attack, an attacker sits in the middle of a conversation between two or more devices and is able to see, redirect, and possibly even modify the data being sent between them

Answer 1

On Path / Man in the Middle

Question 2

A type of On Path attack, […], has the attacker send fake ARP messages to link the MAC address of their computer with the IP address of a legitimate device

Answer 2

ARP Spoofing

Question 3

In an […] attack, malware on a victims PC uses a proxy to redirect all internet traffic to the attackers PC before being sent out of the network. This means all data, even if encrypted, is sent in-the-clear to the attackers PC

Answer 3

On Path Browser

Question 4

The attack initiated after gaining information through an On Path attack is called a […] attack.

The goal is to use the information and pose as someone else to gain access to more sensitive systems

Answer 4

Replay

Question 5

When a user authenticates with a web server, it gains a session ID

In a […] attack, an attacker steals the session ID that’s associated with a user which could then be used to impersonate them

Answer 5

Session Hijacking

Question 6

To prevent session hijacking you should […] your data end to end so an attacker never sees it in the first place

Answer 6

Encrypt