The issue is not so much that an attacker can take over a DHCP or a DNS server. Then, you are indeed in trouble.
The problem is more that DHCP and DNS traffic is not integrity protected (and in the case of DHCP it is even hard to do it). Someone located in your local network could inject or modify traffic. Whether you consider this a threat you care about is a secondary consideration.

On Mar 15, 2013, at 10:09 AM, Wendy Roome wrote:

> Seems to me that if the "bad guys" can subvert DHCP and DNS servers,
> they've already taken over the network. Why would they bother spoofing an
> ALTO server? And if they have "admin access to network equipment," the
> odds are they're already running the ALTO server.
>
> Did I miss something here? Yes, those are real threats, but they have
> nothing to do with ALTO security.
>
> - Wendy
>
>> From: Sebastian Kiesel <[email protected]>
>> Subject: Re: [alto] Hannes security questions
>>
>>>> Just as an example: Why would someone want to send a client fake ALTO
>>>> information or impersonate a server? What would be their benefit?
>>>
>>> One reason for spoofing an ALTO server would be to divert clients from
>>> legitimate servers to the spoofer's fake server. But I don't see any way
>>> a spoofer can do that with the ALTO protocol.
>>
>> Depending on the network scenario and depending on whether the attacker
>> is a "regular user" or has administrative access to the access network
>> equipment, one could try sending forged DHCP replies in an Ethernet, try
>> some DNS poisoning, install a transparent HTTP proxy that does some
>> modifications, etc.

_______________________________________________
alto mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/alto
