Wouldn't it be more accurate to say that Man in the Middle attacks are really
Man at the End attacks?
I've been reading the IP-Watch Web Page about hijacking TCP connections and
active packet sniffing. The "threat to the whole Internet" seems a bit
exaggerated for the average Joe.
TCP connections flying over the Internet today from, say, A.com to B.com aren't
likely to be crossing over a network controlled by evil.com. What is the
REAL potential of someone being able to nail an A.com to B.com connection
without being inside A.com or B.com? Most companies connect to the 'net
using a commercial Internet provider. Let's say MCI. I know for a fact MCI
routes data internally along its DS3 backbone as much as it can so if
you and I both use MCI we never leave MCI land. What is the real potential
of someone tapping, hacking or sniffing one of MCI's links? Sure the
possibility exists but so does the possibility I put a bomb in your car
while you were reading this.
The real potential threat seems to be from the inside of B.com or A.com where
direct access to the network is MUCH easier to obtain. Or even worse is
evil.com directly attacking A.com or B.com like the Tsutomu Shimomura attack.
Is the real potential threat the Man at the End rather than the Man that
may be in the Middle? Particularly my end.
My company seems to not view it this way so internal security is much
looser than our outbound connections.
As a side thought, anyone got any numbers of how many hacks come from inside
----- Ed Maillet