In dealing with the possibilities of man-in-the-middle scenarios that are found in the wild, how can ExtraHop expose or detect when these are occurring?
At a high level, the most common scenarios to be considered would be:
SSL/SSH - TLS attack or substitutions
L3 MitM - route redirection and potentially DNS hijacking.
L2 MitM - ARP spoofing and MAC insertion
Any insights would be appreciated.