Solved: Are there not three different man in the middle attacks here?

csams10 · ‎05-05-2025

I don't think phishing counts as man in the middle but cisco says it is and I know for a fact that DHCP spoofing and impersonating public wifi is also a man in the middle. Why does CISCO think there are only two or is the test playing mind games with multiple correct answers?

Edit: Never mind, I misread the content. Phishing is a means of installing a man in the middle, not a man in the middle on its own.

amojarra · ‎05-06-2025

Hello @csams10

Phishing is not a man-in-the-middle (MitM) attack because it operates through social engineering, not through intercepting or manipulating communication between two parties.

A man-in-the-middle attack occurs when an attacker intercepts and manipulates communication between two legitimate parties (e.g., between a user and a website) without their knowledge. The attacker inserts themselves into the communication flow, acting as a "middleman" to eavesdrop, alter, or steal information in real time.
Phishing doesn’t involve intercepting communication. Instead, it entices the victim to directly interact with the attacker (e.g., by visiting a fake website or responding to a fraudulent email). This is fundamentally different from MitM attacks, where the attacker remains "invisible" between the two legitimate parties.

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++ If you find this answer helpful, please rate it as such ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++

View solution in original post

M02@rt37 · ‎05-05-2025

Hello @csams10

the key is often to pick the "most correct" or "best" answer in the context given...

Phishing by itself is not a Man-in-the-Middle atack. It's a social engineering tactic used to trick users into giving up credentials or installing malware, which can enable a MitM scenario later—like installing a rogue certificate or redirecting traffic through a malicious proxy.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

amojarra · ‎05-06-2025

Hello @csams10

Phishing is not a man-in-the-middle (MitM) attack because it operates through social engineering, not through intercepting or manipulating communication between two parties.

A man-in-the-middle attack occurs when an attacker intercepts and manipulates communication between two legitimate parties (e.g., between a user and a website) without their knowledge. The attacker inserts themselves into the communication flow, acting as a "middleman" to eavesdrop, alter, or steal information in real time.
Phishing doesn’t involve intercepting communication. Instead, it entices the victim to directly interact with the attacker (e.g., by visiting a fake website or responding to a fraudulent email). This is fundamentally different from MitM attacks, where the attacker remains "invisible" between the two legitimate parties.

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++ If you find this answer helpful, please rate it as such ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++