Darril wrote: »
Just as Psoasman and LogicBomb508 state, a replay attack is a more specific type of man-in-the-middle attack. I view the biggest difference in the intent. In the man-in-the-middle attack the intent is simply to capture the data, but in a replay attack the intent is to reuse the data in an attack.
A man-in-the-middle attack is a form of active interception or eavesdropping. An attacker can use a sniffer or protocol analyzer (such as Wireshark) to capture transmitted data. A wireless access point placed in a wireless closet and transmitting captured data to someone outside the building can be considered a man-in-the-middle attack.
In a replay attack the captured data is later used to formulate an attack using the transmitted data. For example, if the captured data includes credentials, the attacker can use those credentials to impersonate the client with slightly modified data packets.
Kerberos prevents replay attacks by making sure that all clients are within 5 minutes of each other and rejecting traffic outside of this five-minute timeframe. Five minutes simply isn't enough time to capture the data, crack the credentials, and rebuild the data packets.
Author: CompTIA Security+: Get Certified Get Ahead (www.sy0-201.com)
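An added example, not part of the post above and not code from any Kerberos implementation: a simplified server-side check of the five-minute timestamp window, with an HMAC over a constructed session key standing in for Kerberos's encrypted authenticator. It goes one step beyond the post by also keeping a replay cache for messages resent inside the window, as RFC 4120 describes; all function and class names are hypothetical.

```python
import hashlib
import hmac

MAX_SKEW = 300  # seconds: the five-minute window described in the post


def make_authenticator(session_key: bytes, client: str, ts: float) -> dict:
    """Client side: bind the client name and timestamp under the session key."""
    msg = f"{client}|{ts:.6f}".encode()
    mac = hmac.new(session_key, msg, hashlib.sha256).hexdigest()
    return {"client": client, "ts": ts, "mac": mac}


class Verifier:
    """Server side: integrity check, then skew window, then replay cache."""

    def __init__(self, session_key: bytes):
        self.key = session_key
        self.seen = {}  # (client, ts) -> time after which the entry can be dropped

    def check(self, auth: dict, now: float) -> str:
        expected = make_authenticator(self.key, auth["client"], auth["ts"])["mac"]
        if not hmac.compare_digest(expected, auth["mac"]):
            return "reject: bad MAC"  # timestamp or name was altered in transit
        if abs(now - auth["ts"]) > MAX_SKEW:
            return "reject: outside skew window"  # stale capture or clock drift
        # Entries only need to live as long as the skew check would still pass.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        entry = (auth["client"], auth["ts"])
        if entry in self.seen:
            return "reject: replay"  # same authenticator resent inside the window
        self.seen[entry] = auth["ts"] + MAX_SKEW
        return "accept"


if __name__ == "__main__":
    key = b"constructed-session-key"  # constructed sample value
    server = Verifier(key)
    captured = make_authenticator(key, "alice", 1000.0)
    print(server.check(captured, 1010.0))  # first use
    print(server.check(captured, 1020.0))  # resent 10 s later
    print(server.check(captured, 1301.0))  # resent after the window
    print(server.check(dict(captured, ts=1301.0), 1301.0))  # timestamp rewritten
```

The cache is what makes the window bounded in memory: once an authenticator is older than the allowed skew, the timestamp check rejects it on its own and the cache entry can be discarded.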