There are many possible types of man-in-the-middle attacks.  The likelihood of any of them actually occurring depends on their ease, effectiveness, the attractiveness of the target and the extensiveness of counter-measures.  The TCP attack described by Bhansali (2001) is not exactly trivial to execute, but given the tools he delineates it is no longer a huge technical challenge.  The surreptitious nature of these sorts of acts, and the probability that victims might not want to publicize the events, make it a little difficult to positively ascertain how often they occur, but it is certain that they do.

MITM compromises can occur in almost any distributed application.  In fact, as Anderson (2008, p74) notes, “we will come across the man in the middle attack again and again in applications ranging from pay-TV to Internet security protocols”.  The man-in-the-middle attack works, most basically, by exploiting trust.  If Alice and Bob are carrying on a privileged conversation into which Trudy can interject, at the same time leading both parties to believe that she is the other, she will intercept the secrets they share.  If those secrets include passwords, cryptographic keys or other authentication, authorization or access materials the compromise can escalate well beyond the MITM attack.  So it is important to have counter-measures when possible.  How these should be designed and implemented will vary according to the nature of the attack and the perceived loss value of a compromise.

Uma Mahesh (2010) has developed a program to identify and combat DNS MITM attacks.  In this case one can look for a signature (repeated address mismatches) to quash.  Potentially much more difficult to combat are social engineering MITM attacks such as might occur in a social network like Facebook or an instant messaging service.  The TCP attack is probably somewhere in the middle as regards complexity of defense.  Meier et al. (2003) suggest that the session hijacking component of the attack can be ameliorated if one uses encrypted session negotiations and encrypted communications channels, and if one stays “informed of platform patches to fix TCP/IP vulnerabilities, such as predictable packet sequences.”
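As an added illustration of the signature-based approach just described (example code written for this page, not Mahesh's program), the following Python flags a name when the same unexpected address is handed out repeatedly, rather than on a single stray answer; the log format, the trusted baseline and every address are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample log: one DNS A-record answer per line, in a hypothetical
# format a monitoring host might record (not the format of any real tool).
SAMPLE_LOG = """\
2011-03-06T10:00:01 client=10.0.0.5 qname=mail.example.test answer=192.0.2.10
2011-03-06T10:00:02 client=10.0.0.5 qname=mail.example.test answer=198.51.100.7
2011-03-06T10:00:03 client=10.0.0.6 qname=mail.example.test answer=192.0.2.10
2011-03-06T10:00:04 client=10.0.0.6 qname=mail.example.test answer=198.51.100.7
2011-03-06T10:00:05 client=10.0.0.7 qname=mail.example.test answer=198.51.100.7
2011-03-06T10:00:06 client=10.0.0.5 qname=www.example.test answer=192.0.2.20
2011-03-06T10:00:07 client=10.0.0.6 qname=www.example.test answer=192.0.2.20
"""

# Trusted baseline: what an out-of-band lookup (or a second, independent
# resolver) says each name should resolve to. Constructed values.
BASELINE = {
    "mail.example.test": {"192.0.2.10"},
    "www.example.test": {"192.0.2.20"},
}

LINE_RE = re.compile(r"client=(\S+) qname=(\S+) answer=(\S+)")

def parse_answers(log_text):
    """Yield (client, qname, answer) tuples from the constructed log format."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)

def find_mismatches(log_text, baseline, threshold=2):
    """Count answers that disagree with the baseline, per (name, rogue address).
    A pair is reported only once it has been seen at least `threshold` times:
    one odd answer may be a stale cache or a legitimate address change, but
    the same wrong address repeated is the signature the text refers to."""
    counts = defaultdict(int)    # (qname, rogue_answer) -> occurrences
    clients = defaultdict(set)   # (qname, rogue_answer) -> affected clients
    for client, qname, answer in parse_answers(log_text):
        if qname in baseline and answer not in baseline[qname]:
            counts[(qname, answer)] += 1
            clients[(qname, answer)].add(client)
    return {key: {"count": n, "clients": sorted(clients[key])}
            for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for (qname, rogue), info in find_mismatches(SAMPLE_LOG, BASELINE).items():
        print(f"ALERT {qname} -> {rogue} seen {info['count']}x by {info['clients']}")
```

Run over the constructed log, only mail.example.test is reported, since its rogue answer recurs across three clients while the single-name, single-answer case for www.example.test stays quiet.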

MITM attacks are very much a real-world problem.  How to deal with them must be addressed on a nearly case-by-case basis, since there are so many possible vectors and the potential losses range from inconsequential to catastrophic.  But all counter-measures are likely to share some similarities.  Hardening network perimeters, having internal security policies and keeping software up to date are all fairly elementary procedures that will have a positive effect.

Anderson, R.J. (2008) Security Engineering – A Guide to Building Dependable Distributed Systems, 2nd ed.  Wiley Publishing, Inc., Indianapolis, IN.

Bhansali, B.B. (2001) Man-In-the-Middle Attack – A Brief [Online].  Available from: http://www.giac.org/certified_professionals/practicals/gsec/0455.php (Accessed: 5 March, 2011)

Mahesh, U. (2010) Detect MITM attacks and secure your clients [Online].  Available from: http://www.umamahesh.net/2010/09/26/detect-mitm-attacks-and-secure-your-clients/ (Accessed: 6 March, 2011)

Meier, J.D., Mackman, A., Dunner, M., Vasireddy, S., Escamilla, R. & Murukan, A. (2003) Chapter 2: Threats and Countermeasures [Online].  Available from: http://msdn.microsoft.com/en-us/library/ff648641.aspx#c02618429_006 (Accessed: 6 March, 2011)