Re: tcp vulnerability? haven't seen anything on it here...
From: jamal (hadi_at_cyberus.ca)
Date: 04/22/04
- Previous message: Shantanu Goel: "[ACPI x86_64] 2.6.1-rc{1,2} hang while booting on Sun v20z aka Newisys 2100"
- In reply to: Giuliano Pochini: "Re: tcp vulnerability? haven't seen anything on it here..."
- Next in thread: alex_at_pilosoft.com: "Re: tcp vulnerability? haven't seen anything on it here..."
- Reply: alex_at_pilosoft.com: "Re: tcp vulnerability? haven't seen anything on it here..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: Giuliano Pochini <pochini@denise.shiny.it> Date: 22 Apr 2004 10:27:02 -0400
On Thu, 2004-04-22 at 09:46, Giuliano Pochini wrote:
> On Thu, 22 Apr 2004, jamal wrote:
>
> > On Thu, 2004-04-22 at 04:23, Giuliano Pochini wrote:
> >
> > > Yes, but it is possible, expecially for long sessions.
> >
> > In other words, 80% or more of internet traffic would not be affected
> > still using http1.0 would not be affected.
> > And for something like a huge download to just regular joe, this is more
> > of a nuisance assuming some kiddie has access between you and the
> > server.
>
> No, TCP/IP is 100% vulnerable to the man-in-the-middle attach.
> There is no cure for that.
Unless its a private network with locked vaults for the pipes, any
network is vulnerable.
I am not trying to downplay the relevance of this; all i am saying
is it may a little overhyped with the media being involved. Its
infact harder to create this attack compared to a simple SYN attack.
On Thu, 2004-04-22 at 09:58, Florian Weimer wrote:
jamal <hadi@cyberus.ca> writes:
>
> > OTOH, long lived BGP sessions are affected assuming you are going across
> > hostile path to your peer.
>
> Hostile path is not required. Not at all. 8-(
>
>
Unless i misunderstood:
You need someone/thing to see about 64K packets within a single flow
to make the predicition so the attack is succesful. Sure to have access to
such capability is to be in a hostile path, no? ;->
> And it's not BGP specific. You might be able to use this attack to
> split IRC networks, too. However, it's a bit harder in this case
> because IRC servers usually use more random source ports.
Any long lived flow with close to fixed ports. FTP from kernel.org could
be vulnerable - get a better client and its just becomes a nuisance.
80% of the internet traffic is still TCP/HTTP1.0 which is very
short lived (there could be changes lately - these are numbers from
a while back) i.e you wont see more than 8 packets i.e it is highly unlikely
your traffic there is affected even if you used fixed ports.
cheers,
jamal
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- Previous message: Shantanu Goel: "[ACPI x86_64] 2.6.1-rc{1,2} hang while booting on Sun v20z aka Newisys 2100"
- In reply to: Giuliano Pochini: "Re: tcp vulnerability? haven't seen anything on it here..."
- Next in thread: alex_at_pilosoft.com: "Re: tcp vulnerability? haven't seen anything on it here..."
- Reply: alex_at_pilosoft.com: "Re: tcp vulnerability? haven't seen anything on it here..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
