The attacker positions forces between two communicating parties
and both intercepts and relays information between the parties so that each
believes they are talking directly to the other when, in fact, both are
communicating through the attacker. Examples include attacks on public key
cryptosystems permitting a man-in-the-middle to fool both parties, attacks
wherein an attacker takes over an ongoing telecommunications session when
one party decides to terminate it, and attacks wherein an attacker inserts
transactions and prevents responses to those transactions from reaching the
legitimate user.
Complexity: Man-in-the-middle attacks normally require the implementation of
a near-real-time capability, but there are no mathematical impediments to
most such attacks.
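
Added example (not part of the original entry): a toy unauthenticated Diffie-Hellman exchange in Python, showing why the public-key case described above completes without any error on either side and how an out-of-band fingerprint comparison detects a substituted key. The parameters, function names and fingerprint scheme are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy group parameters, constructed for illustration only (far too small for real use).
P = 2**127 - 1  # a Mersenne prime
G = 3


def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def shared_key(priv, peer_pub):
    """Derive a session key from our private value and the public value we received."""
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).hexdigest()


def fingerprint(pub):
    """Short digest of a public value, suitable for comparison over a separate channel."""
    return hashlib.sha256(str(pub).encode()).hexdigest()[:16]


def exchange(relay_substitutes_keys):
    """Run one unauthenticated exchange and report what each party observes."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_a, seen_by_b = b_pub, a_pub
    if relay_substitutes_keys:
        # The party in the middle replaces each public value in transit with its own.
        _, m_pub = keypair()
        seen_by_a = seen_by_b = m_pub
    return {
        # Both derivations succeed in either case; nothing in the protocol fails.
        "a_key": shared_key(a_priv, seen_by_a),
        "b_key": shared_key(b_priv, seen_by_b),
        # Defence: compare the fingerprint of the key received with the
        # fingerprint the peer publishes for its real key out of band.
        "a_check_ok": fingerprint(seen_by_a) == fingerprint(b_pub),
        "b_check_ok": fingerprint(seen_by_b) == fingerprint(a_pub),
    }


if __name__ == "__main__":
    for substituted in (False, True):
        result = exchange(substituted)
        print("substituted:", substituted,
              "| keys match:", result["a_key"] == result["b_key"],
              "| fingerprint checks:", result["a_check_ok"], result["b_check_ok"])
```

The exchange itself gives neither party any indication of the relay; only the authenticated fingerprint comparison distinguishes the two runs.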
fc@red.a.net