If the company uses a MITM proxy to monitor employees, and I trace the same IP using my own laptop and the company laptop, respectively, is there an extra hop when using the company laptop? Thanks.
-
What happened when you tried? – DavidPostill Apr 04 '20 at 21:01
-
The hops are exactly the same. – Richard0226 Apr 04 '20 at 21:01
-
Then the answer is no. – DavidPostill Apr 04 '20 at 21:02
1 Answer
This depends entirely on how the MITM attack is performed - you certainly can't read anything much into the likelihood of an MITM attack based on the number of hops. It is possible to do a MITM attack without modifying the apparent path, although depending on what is being attacked and how, this could range from trivial to extremely difficult.
The easiest way for a company to avoid hops as a method of detection would be to differentiate on traffic - i.e. only MITM traffic on the ports of interest, so allow ICMP and the equivalent UDP packets to continue to be routed unmodified.
Also, any router in the path would be able to modify the responses so as to modify the TTLs so as to hide itself. Additionally, a MITM device could, save for its MITM efforts, behave like a bridge, which is invisible in a traceroute.
If you are worried about being MITM'd for HTTPS traffic, look at the signature of the certificate your browser advertises when going through the company system vs another system - that is a better metric to gauge the likelihood that your traffic is being intercepted.
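The certificate comparison suggested in the answer above, as an added example that is not part of the original post: record the SHA-256 fingerprint of the leaf certificate each host presents on one network, do the same on the other, then list the hosts whose fingerprints differ. The function names, the `record`/`compare` arguments and the `.test` hostnames are assumptions made for this sketch, and the sample records are constructed.

```python
import hashlib
import json
import socket
import ssl
import sys


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_leaf_der(host: str, port: int = 443) -> bytes:
    """Return the leaf certificate exactly as presented to this machine."""
    ctx = ssl.create_default_context()
    # Validation is off on purpose: we want to record whatever certificate
    # arrives, including one minted by an intercepting proxy.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def differing_hosts(seen_a: dict, seen_b: dict) -> list:
    """Hosts recorded on both networks whose fingerprints do not match."""
    common = seen_a.keys() & seen_b.keys()
    return sorted(h for h in common if seen_a[h] != seen_b[h])


# Constructed sample records (stand-in bytes, not real certificates).
SAMPLE_HOME = {"www.example.test": fingerprint(b"leaf-from-origin"),
               "mail.example.test": fingerprint(b"mail-leaf-from-origin")}
SAMPLE_WORK = {"www.example.test": fingerprint(b"leaf-from-origin"),
               "mail.example.test": fingerprint(b"leaf-minted-by-proxy")}

if __name__ == "__main__":
    # record <out.json> <host>...   |   compare <a.json> <b.json>
    if len(sys.argv) >= 4 and sys.argv[1] == "record":
        seen = {h: fingerprint(fetch_leaf_der(h)) for h in sys.argv[3:]}
        with open(sys.argv[2], "w") as fh:
            json.dump(seen, fh, indent=2)
    elif len(sys.argv) == 4 and sys.argv[1] == "compare":
        with open(sys.argv[2]) as a, open(sys.argv[3]) as b:
            print(differing_hosts(json.load(a), json.load(b)))
    else:
        print(differing_hosts(SAMPLE_HOME, SAMPLE_WORK))
```

A differing fingerprint is a prompt to open the certificate and read its issuer, not proof on its own, because large sites can serve different leaf certificates from different servers.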