Evangelyze Community Site
UC Security Threats: Man-in-the-Middle (MitM) Attack

Did you ever play 'monkey in the middle' when you were a kid? That's the game where one kid stands in the middle while two or more other kids pass a ball back and forth and try to ensure that the kid in the middle doesn't intercept it. Well, the man-in-the-middle (MitM) attack works on a similar premise. Basically, two parties pass communications data back and forth and try to ensure that the attacker in the middle doesn't intercept it.

By its nature, an MitM attack is most likely to succeed when the attacker has access to the internal network. When the attack succeeds, all communications between the two parties, in both directions, are rerouted through the attacker's computer without the knowledge of the communicating users. The attacker is then able to capture, read (or listen to), or modify the data, and can do any of the following with it:

  • eavesdrop, or listen to the conversation
  • redirect the data to another recipient
  • alter the conversation (delete, add, or replay content)
  • cause a denial of service (simply by not allowing the data to flow between the parties)

An attacker can initiate an MitM attack if they are able to modify Active Directory and add their PC as a trusted server, or if they can modify DNS so that traffic is routed through their PC en route to the destination. With Microsoft OCS 2007, an MitM attack between two clients is less likely because the media streams between the two endpoints are encrypted with SRTP, using cryptographic keys that the two clients negotiate using SIP over TLS.
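
The protection described above holds only when both halves are present: SRTP on the media and TLS on the signaling that carries the keys. The Python check below is an added example, not code from the original post or from Microsoft. It assumes the SRTP key travels in the SDP body as an RFC 4568 `a=crypto` attribute (the post does not name the key-exchange mechanism), and the sample INVITE, host names and key are constructed.

```python
"""Audit a SIP INVITE: TLS signaling, and SRTP media that carries a key."""
import re

SRTP_PROFILES = ("RTP/SAVP", "RTP/SAVPF")

def audit_invite(message: str) -> list:
    """Return findings; an empty list means TLS signaling and keyed SRTP media."""
    head, _, sdp = message.replace("\r\n", "\n").partition("\n\n")
    findings = []
    # The topmost Via header names the transport used on this hop only.
    via = re.search(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", head, re.M | re.I)
    transport = via.group(1).upper() if via else "UNKNOWN"
    tls = transport == "TLS"
    if not tls:
        findings.append(f"signaling transport is {transport}, not TLS")
    # One SDP media section per m= line; element [0] is the session-level part.
    sections = re.split(r"^(?=m=)", sdp, flags=re.M)[1:]
    if not sections:
        findings.append("no media description found")
    for sec in sections:
        media, _port, proto = sec.split("\n", 1)[0][2:].split()[:3]
        # Assumption: the key is carried as an RFC 4568 a=crypto attribute.
        has_key = re.search(r"^a=crypto:\d+ \S+ inline:\S+", sec, re.M) is not None
        if proto not in SRTP_PROFILES:
            findings.append(f"{media}: profile {proto} is not SRTP")
        elif not has_key:
            findings.append(f"{media}: SRTP offered without an a=crypto key")
        if has_key and not tls:
            findings.append(f"{media}: SRTP key readable on the signaling path")
    return findings

def sample_invite(transport: str, proto: str, crypto: bool) -> str:
    """Build a constructed INVITE (made-up hosts and key, not captured traffic)."""
    key = ("a=crypto:1 AES_CM_128_HMAC_SHA1_80 "
           "inline:Q09OU1RSVUNURURfS0VZX05PVF9SRUFMX0tFWSEh\n") if crypto else ""
    return (
        "INVITE sip:bob@example.com SIP/2.0\n"
        f"Via: SIP/2.0/{transport} pc1.example.com;branch=z9hG4bKconstructed\n"
        "From: <sip:alice@example.com>;tag=1\nTo: <sip:bob@example.com>\n"
        "Call-ID: constructed-1@pc1.example.com\nCSeq: 1 INVITE\n"
        "Content-Type: application/sdp\n\n"
        "v=0\no=- 0 0 IN IP4 192.0.2.10\ns=-\nc=IN IP4 192.0.2.10\nt=0 0\n"
        f"m=audio 49170 {proto} 0\n{key}"
    )

if __name__ == "__main__":
    for args in [("TLS", "RTP/SAVP", True), ("TCP", "RTP/SAVP", True), ("TLS", "RTP/AVP", False)]:
        print(args, audit_invite(sample_invite(*args)) or "ok")
```

The Via transport describes a single hop, so a clean result for one message does not show that every proxy on the path used TLS.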


Posted 26 Jan 2009 21:34 by tony

Comments

Tony's Blog wrote UC Security Threats: Call Redirection
on 28 Jan 2009 7:43

When initiating VoIP communications with SIP, the first part of establishing a call is that the sending

Tony's Blog wrote SIP Over TLS
on 30 Jan 2009 14:12

Session Initiation Protocol (SIP) is not inherently secure. It is essentially a communications-specific

Tony's Blog wrote Who Is Responsible for VoIP Security?
on 2 Feb 2009 12:04

With each new revolution in digital communications there seems to come some sort of painful learning
