GitHub hit by a man-in-the-middle attack? What is a man-in-the-middle attack?

On 26-27 May, GitHub could not be accessed from within China (access from abroad was normal, and the certificate presented to domestic users showed a different issuer from GitHub's real one), and JD.com (Jingdong) and other sites showed the same problem. So far only part of the user base is affected; the problem can be reproduced on China Mobile, China Unicom, China Telecom and CERNET (the education network).

Access to GitHub has since returned to normal, but GitHub has not yet issued an official statement on the matter.

According to analysis by users from various quarters, GitHub suffered a man-in-the-middle attack. The exact means are not yet clear, but it was most likely carried out at the infrastructure level, through the DNS system or the carriers' networks; nothing else explains disruption on such a wide scale.

What is a man-in-the-middle attack

Quoting the Wikipedia introduction: in cryptography and computer security, a man-in-the-middle attack (MITM) is one in which the attacker creates separate connections to each end of a communication and relays the data exchanged between them, so that both ends believe they are talking directly to each other over a private connection, when in fact the entire session is controlled by the attacker.

In a man-in-the-middle attack, the attacker can intercept the conversation between the two parties and insert new content. In many cases this is very simple (for example, an attacker within range of an unencrypted Wi-Fi access point can insert themselves into the network as an intermediary).

A man-in-the-middle attack can succeed only if the attacker can impersonate each endpoint of the session convincingly enough that the other endpoint does not notice. MITM is fundamentally an attack on missing mutual authentication. Most cryptographic protocols therefore add some form of endpoint authentication specifically to prevent it; for example, SSL/TLS verifies one or both parties using certificates issued by a certificate authority the parties trust, and can perform two-way (mutual) authentication.

Put simply, the attacker takes over the traffic between the two ends of a communication, and can both intercept it and tamper with its contents. To take over the traffic, the attacker must impersonate each end to the other without being detected; DNS spoofing and session hijacking are common man-in-the-middle techniques.
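The check that let users spot the incident above was a simple one: the issuer on the certificate they were shown did not match GitHub's. The script below, added here as an example and not part of the original post, automates that comparison using Python's standard `ssl` module. It flattens the `getpeercert()` issuer structure (a tuple of RDNs, each a tuple of attribute/value pairs, which is easy to get wrong), compares it against an expected issuer, and pins the SHA-256 fingerprint of the leaf certificate. The expected issuer and fingerprint values are placeholders to be filled in from a known-good connection; the certificate dictionaries are constructed for illustration and are not GitHub's real certificate.

```python
"""Check the certificate a TLS server presents against what we expect.

Added example, not from the original post. EXPECTED_ISSUER and PINNED are
placeholders (assumptions): record them from a known-good connection, then
re-run from the network where the man-in-the-middle is suspected.
"""
import hashlib
import socket
import ssl

# Placeholder values, NOT GitHub's real issuer or fingerprint.
EXPECTED_ISSUER = {"organizationName": "<fill in from a known-good connection>"}
PINNED = {"<sha256 hex of the known-good leaf certificate>"}


def issuer_name(cert: dict) -> dict:
    """Flatten the 'issuer' field of ssl.SSLSocket.getpeercert().

    getpeercert() returns the issuer as a tuple of RDNs, each RDN being a
    tuple of (attribute, value) pairs, e.g.
    ((('countryName', 'US'),), (('organizationName', 'Example CA'),), ...)
    """
    out = {}
    for rdn in cert.get("issuer", ()):
        for attr, value in rdn:
            out[attr] = value
    return out


def sha256_fingerprint(der: bytes) -> str:
    """Hex SHA-256 over the DER encoding, as shown by most browsers."""
    return hashlib.sha256(der).hexdigest()


def check_cert(cert: dict, der: bytes, expected_issuer: dict, pinned: set) -> list:
    """Return a list of findings; an empty list means the cert looks as expected."""
    findings = []
    issuer = issuer_name(cert)
    for attr, value in expected_issuer.items():
        if issuer.get(attr) != value:
            findings.append(f"issuer {attr}: got {issuer.get(attr)!r}, expected {value!r}")
    fp = sha256_fingerprint(der)
    if fp not in pinned:
        findings.append(f"leaf certificate SHA-256 {fp} is not in the pinned set")
    return findings


def fetch_cert(host: str, port: int = 443, verify: bool = True, timeout: float = 5.0):
    """Connect to host and return (parsed cert dict, DER bytes). Needs network."""
    ctx = ssl.create_default_context()
    if not verify:
        # To look at a forged certificate that the default context rejects,
        # turn verification off. Caveat: getpeercert() then returns an empty
        # dict, so only the DER form (and thus the fingerprint check) is usable.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    import sys

    host = sys.argv[1] if len(sys.argv) > 1 else "github.com"
    try:
        cert, der = fetch_cert(host)
    except ssl.SSLCertVerificationError as exc:
        # A forged certificate from an untrusted CA fails here; fetch it
        # anyway so its fingerprint can be recorded and reported.
        print(f"chain did not validate: {exc}")
        cert, der = fetch_cert(host, verify=False)
    print("issuer:", issuer_name(cert) or "(unavailable: verification disabled)")
    print("sha256:", sha256_fingerprint(der))
    for finding in check_cert(cert, der, EXPECTED_ISSUER, PINNED):
        print("!!", finding)
```

Run it once from a network you trust and paste the printed issuer and fingerprint into the two placeholders; any later run that prints `!!` lines is presenting a different leaf certificate, whether from an interception box, a captive portal or a rotated certificate, and is worth a closer look.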

As a simple illustration: Xiao Ming passes a note to Alice in class, asking her not to leave after school, and has it relayed through Xiao San. Xiao San, out of jealousy, imitates Xiao Ming's handwriting and quietly changes the note to read "want to see you". Alice knows nothing of this and takes it as Xiao Ming's intention, and so a relationship is over. Here Xiao San is the "man in the middle", and what she did is a "man-in-the-middle attack".

DNS spoofing and session hijacking are the common means, and since the technique's inception attackers have combined methods in many ways. Some related techniques include:

  • Wired LAN ARP poisoning + forged SSL certificates
  • Wired LAN ARP poisoning + SSL offloading (the attacker terminates TLS)
  • Rogue wireless AP + DHCP configuration
  • SSLStrip sniffing
  • DNS hijacking + phishing page + XSS
  • DNS hijacking + social-engineering phishing based on SET (the Social-Engineer Toolkit)
  • Session hijacking from a man-in-the-middle position
  • ……
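The SSLStrip entry in the list above is worth seeing in code, because the attack and its defence are both small. The following example is added here and is not part of the original post or of the sslstrip tool itself. The attacker side shows what an sslstrip-style proxy does to a relayed response: rewrite `https://` links to `http://` so the victim's next request also arrives in plaintext, downgrade any `Location` redirect, and drop the `Strict-Transport-Security` header. The victim side models the browser's HSTS store, which is why the attack fails once the browser has learned a policy over a genuine TLS connection (or has it preloaded): the request is upgraded to HTTPS before it leaves the browser, so the proxy never sees plaintext. Hostnames and header values are constructed for the example.

```python
"""sslstrip-style downgrade and the HSTS behaviour that defeats it.

Added example, not from the original post. The attacker-side functions
model what the proxy does to relayed responses; HstsStore models the
browser's policy store per RFC 6797. Hostnames below are constructed.
"""
import time
from urllib.parse import urlsplit, urlunsplit


# ---- Attacker side: what an sslstrip-style proxy does to a relayed response ----

def strip_links(body: str) -> str:
    """Rewrite every https:// URL in a relayed page (or header) to http://."""
    return body.replace("https://", "http://")


def strip_response_headers(headers: dict) -> dict:
    """Downgrade a redirect target and drop Strict-Transport-Security so the
    browser never learns the policy from this (already intercepted) response."""
    out = {}
    for name, value in headers.items():
        lname = name.lower()
        if lname == "strict-transport-security":
            continue
        if lname == "location":
            value = strip_links(value)
        out[name] = value
    return out


# ---- Victim side: why a previously learned HSTS entry defeats the downgrade ----

class HstsStore:
    """Minimal model of a browser's HSTS policy store."""

    def __init__(self):
        self._entries = {}  # host -> (expires_at, include_subdomains)

    def learn(self, host: str, header_value: str, over_tls: bool, now: float = None):
        """Process a Strict-Transport-Security header from a response.

        Browsers only honour the header on responses received over TLS
        (RFC 6797 section 8.1), which is exactly what stops an attacker on a
        plaintext path from poisoning or clearing the policy.
        """
        if not over_tls:
            return
        now = time.time() if now is None else now
        max_age, include_sub = None, False
        for directive in header_value.split(";"):
            name, _, val = directive.strip().partition("=")
            name = name.strip().lower()
            if name == "max-age" and val.strip().isdigit():
                max_age = int(val.strip())
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return  # max-age is mandatory; a malformed header is ignored
        if max_age == 0:
            self._entries.pop(host, None)  # the site is withdrawing its policy
        else:
            self._entries[host] = (now + max_age, include_sub)

    def upgrade(self, url: str, now: float = None) -> str:
        """Return the URL the browser will actually request: https:// if a
        valid policy covers the host (or a parent with includeSubDomains)."""
        now = time.time() if now is None else now
        parts = urlsplit(url)
        if parts.scheme != "http":
            return url
        labels = (parts.hostname or "").split(".")
        for i in range(len(labels)):
            entry = self._entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expires_at, include_sub = entry
            if expires_at <= now:
                continue
            if i == 0 or include_sub:
                return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))
        return url
```

The two halves together explain the usual advice: HSTS with a long `max-age` and `includeSubDomains`, ideally on the preload list, closes the window in which the first plaintext request can be stripped; without it, the proxy's `strip_response_headers` keeps the browser from ever learning the policy.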

There are even more exotic techniques, including classic operations from the early days such as Kevin Mitnick's famous attack, in which he impersonated one end of a TCP connection by predicting TCP sequence numbers (TCP implementations have since closed this hole by randomizing initial sequence numbers).
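Why sequence-number prediction was enough to impersonate a host is easier to see with a small model, so here is one, added as an example and not part of the original post or a record of the actual attack. A toy server hands out initial sequence numbers (ISNs) either with a fixed increment per connection, as early implementations did, or at random, as they do today. The blind attacker never sees the SYN-ACK sent to the address it is spoofing; it opens a few probe connections of its own, infers the increment, predicts the server's next ISN and completes the handshake with a forged ACK. With a fixed increment this succeeds; with random ISNs the attacker has no prediction to make. The server model and the address names are constructed for the example.

```python
"""Blind TCP spoofing against predictable initial sequence numbers.

Added example, not from the original post. ToyTcpServer models only the
part of the handshake the attack depends on: the server's ISN choice and
its check of the client's ACK number.
"""
import secrets

MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap


class ToyTcpServer:
    """Minimal model of a server's SYN / SYN-ACK / ACK handshake state."""

    def __init__(self, isn_generator):
        self._next_isn = isn_generator
        self.half_open = {}      # client address -> server ISN sent in SYN-ACK
        self.established = set()

    def syn(self, client: str) -> int:
        """Receive a SYN; reply SYN-ACK carrying a fresh ISN. The return value
        goes to the *claimed* source address, so a spoofing attacker never sees it."""
        isn = self._next_isn()
        self.half_open[client] = isn
        return isn

    def ack(self, client: str, ack_number: int) -> bool:
        """Receive the final ACK; accept only if it acknowledges our ISN + 1."""
        if client not in self.half_open:
            return False
        if ack_number != (self.half_open[client] + 1) % MOD:
            return False
        del self.half_open[client]
        self.established.add(client)
        return True


def fixed_increment_isn(start: int, step: int):
    """ISN generator of the old style: each new connection gets ISN + step."""
    state = {"isn": start}

    def gen():
        state["isn"] = (state["isn"] + step) % MOD
        return state["isn"]
    return gen


def random_isn() -> int:
    """ISN generator of the modern style: unpredictable per connection."""
    return secrets.randbelow(MOD)


def infer_step(samples: list):
    """Return the constant increment between consecutive ISNs, or None if
    the observed deltas do not agree (i.e. the ISNs look unpredictable)."""
    deltas = {(b - a) % MOD for a, b in zip(samples, samples[1:])}
    return deltas.pop() if len(deltas) == 1 else None


def blind_spoof(server: ToyTcpServer, victim: str = "trusted-host", probes: int = 3) -> bool:
    """Try to establish a connection as `victim` without ever seeing the SYN-ACK."""
    # 1. Probe from the attacker's own address to sample the server's ISNs.
    samples = [server.syn(f"attacker-{i}") for i in range(probes)]
    step = infer_step(samples)
    if step is None:
        return False  # nothing to predict: the attack is not even attempted
    predicted_isn = (samples[-1] + step) % MOD
    # 2. Send a SYN with the victim's source address. The SYN-ACK goes to the
    #    real victim, which in the historical attack was flooded so it could
    #    not reply with a RST; the attacker discards the return value.
    server.syn(victim)
    # 3. Forge the ACK using the predicted ISN.
    return server.ack(victim, (predicted_isn + 1) % MOD)


if __name__ == "__main__":
    print("fixed increment:", blind_spoof(ToyTcpServer(fixed_increment_isn(0x1234, 64000))))
    print("random ISNs:    ", blind_spoof(ToyTcpServer(random_isn)))
```

Real stacks also need the attacker to keep the spoofed host from sending a RST when it receives an unexpected SYN-ACK, which is why the historical attack paired prediction with a flood against that host; the toy model leaves that part out and shows only the prediction step that randomized ISNs removed.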

Related projects and blog posts on man-in-the-middle attacks

The above does not go into specifics. For more on man-in-the-middle attacks, tools and practice, there is relevant content on the OSChina (OSC) site; a few examples:

Related open source projects

BetterCap is a powerful, modular, lightweight MITM framework that can be used to carry out various kinds of network man-in-the-middle attacks and can also manipulate HTTP and HTTPS traffic in real time.

A man-in-the-middle testing tool for Android, offering data sniffing, session hijacking, Wi-Fi kill, DNS spoofing and other functions.

prn-2-me creates a custom listener disguised as a printer.

There are many more. Of course, basics like Kali Linux, Burp Suite, nmap and Metasploit are not covered here. See more at: https://www.oschina.net/project

Related blog posts

The security of HTTPS comes, on one hand, from making up for HTTP's weakness of unencrypted transmission; on the other hand, that same weakness is what makes man-in-the-middle attacks on HTTP so easy to carry out.

HTTP transmits data in plain text, so an attacker can obtain the information exchanged between the user and the server simply by capturing packets on the LAN or by similar means.

HTTPS is not completely safe either: a man in the middle who can get the client to accept a forged certificate, or downgrade it to HTTP, can still read all the communication between client and server.

A thorough, practical introduction to the man-in-the-middle attack testing framework MITMf.

Note: the Cybersecurity Law of the People's Republic of China, the Regulations on Security Protection of Computer Information Systems of the People's Republic of China and other laws apply. Do not use these techniques for illegal activity.


Source: blog.csdn.net/ABCCloud/article/details/105202583