An on-path attack, also known as a man-in-the-middle (MITM) attack, is a form of active eavesdropping where an attacker positions themselves in the communication path between two parties. By spoofing the IP address of a legitimate server, the attacker can intercept traffic intended for that server, and then inspect, modify, or redirect it without the knowledge of the communicating parties. The scenario described—intercepting and redirecting traffic via IP spoofing—is a textbook example of an on-path attack methodology.

B. Advanced persistent threat (APT): An APT refers to a prolonged and targeted cyberattack campaign, not the specific network interception technique described.

C. Trojan: A Trojan is a type of malware that misleads users of its true intent by disguising itself as legitimate software; it does not describe a network traffic interception method.

D. Spyware: Spyware is a category of malware designed to secretly gather information from a user's device, which is different from actively intercepting and redirecting network traffic.

---

1. National Institute of Standards and Technology (NIST) Computer Security Resource Center (CSRC) Glossary.

On-Path Attacker: "An adversary that can read

write

and delete messages between two parties without either party knowing that the adversary is on the path."

IP Address Spoofing: "Faking the sending IP address in a packet to fool the recipient into accepting it as coming from a trusted source."

Source: NIST CSRC Glossary

s.v. "on-path attacker

" "IP address spoofing." Retrieved from https://csrc.nist.gov/glossary

2. Internet Engineering Task Force (IETF) RFC 4949.

Man-in-the-middle attack: "A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or both of the entities involved in a communication association." (Note: On-path attack is the modern term for MITM).

Source: Shirey

R. (2007). Internet Security Glossary

Version 2. IETF. RFC 4949

Section 2

Page 189. https://doi.org/10.17487/RFC4949

3. MIT OpenCourseWare

6.858 Computer Systems Security.

Lecture notes describe Man-in-the-Middle (MITM) attacks where an adversary can "impersonate server to client (and client to server)" and "intercept and modify traffic." Techniques like ARP spoofing and DNS spoofing are cited as methods to achieve this position.

Source: Kaashoek

M. F.

& Zeldovich

N. (2014). 6.858 Computer Systems Security

Lecture 11: Network Security. MIT OpenCourseWare. Retrieved from https://ocw.mit.edu/courses/6-858-computer-systems-security-fall-2014/resources/mit6858f14lec11/