On Sat, Jun 28, 2003 at 01:06:03PM -0700, Bill Stewart wrote:
> Somebody did an interesting attack on a cable network's customers.
> They cracked the cable company's DHCP server, got it to provide a
> "Connection-specific DNS suffix" pointing to a machine they owned,
> and also told it to use their DNS server.
> This meant that when your machine wanted to look up yahoo.com,
> it would look up yahoo.com.attackersdomain.com instead.
This problem is old and well-understood. It is why there is work in the IETF to combine the acquisition of a DHCP lease with the acquisition of an initial IPsec SA to integrity-protect that lease. It's not easy for me to see why anyone would expect anything *but* that MITM attacks against client systems that are entirely configured by DHCP would be practical. If the DHCP client and server share no cryptographic guarantee of trust... oh, I'm sorry, I forgot that the anencephalic have fallen for "you can magic up trust out of nowhere" about ten times in succession in my immediately previous area of work, 802.11. :-)

Where I used to work, at ReefEdge, we disposed of the 802.11 security garbage and used a TLS-based solution that was not entirely unlike PIC, dispensing temporary credentials for use with IKE to users based on their legacy authentication. As the designer and maintainer of this system, I became *very* cognizant of DHCP-based and DNS-based attacks, and very skeptical of the sort of proposal someone brought me every few days suggesting that some later establishment of a trust relationship could overcome a successful MITM attack on one of the early stages of the client's "boot up and get SA" negotiation.

(Of course, I also became very skeptical of many other folks' "use legacy credentials to bootstrap IKE" techniques; there are implementations out there in widespread use which default to only authentication methods that are trivially MITMed, and at least one I can think of that _can not be configured_ to do standard IKE in a secure way. Ouch! But the simultaneous IKE and DHCP proposal I read a few years ago at the London IETF seemed pretty sound.)

Thor

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
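The attack quoted above works entirely through two ordinary DHCP options: option 6 (DNS servers) and option 15 (the domain-name suffix a client appends to unqualified names). The following is an added example, not code from either poster, showing the defender's side of it: parse those options out of a DHCP reply, compare them with a baseline the host already trusts, and show which names a search suffix causes a client to query. The option byte strings, the trusted values (10.0.0.53 and corp.example) and the 192.0.2.66 address are constructed for this example; only attackersdomain.com and yahoo.com come from the thread.

```python
"""Added example: check the DNS-related DHCP options against a pinned baseline.

Option codes are the standard ones from RFC 2132:
  6  = Domain Name Server (one or more IPv4 addresses, 4 bytes each)
  15 = Domain Name (the suffix appended to unqualified names)
  0  = pad, 255 = end of options
"""
import ipaddress

OPT_PAD = 0
OPT_DNS_SERVERS = 6
OPT_DOMAIN_NAME = 15
OPT_END = 255


def parse_dhcp_options(data):
    """Walk the TLV-encoded DHCP option field and return {code: raw value}."""
    opts = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == OPT_PAD:          # single-byte pad, no length field
            i += 1
            continue
        if code == OPT_END:
            break
        length = data[i + 1]
        opts[code] = bytes(data[i + 2:i + 2 + length])
        i += 2 + length
    return opts


def dns_settings(opts):
    """Decode option 6 into dotted-quad strings and option 15 into a suffix."""
    raw = opts.get(OPT_DNS_SERVERS, b"")
    servers = [str(ipaddress.IPv4Address(raw[j:j + 4]))
               for j in range(0, len(raw) - len(raw) % 4, 4)]
    suffix = (opts.get(OPT_DOMAIN_NAME, b"").rstrip(b"\x00")
              .decode("ascii", "replace").lower().rstrip("."))
    return servers, suffix


def check_against_baseline(servers, suffix, trusted_servers, trusted_suffix):
    """Return a list of findings; an empty list means the lease matches policy.

    Nothing here authenticates the DHCP server (that needs something like the
    DHCP+IPsec work the reply mentions); it only detects a lease that deviates
    from what the host was told to expect."""
    findings = []
    for s in servers:
        if s not in trusted_servers:
            findings.append("untrusted DNS server %s" % s)
    if suffix and suffix != trusted_suffix:
        findings.append("unexpected DNS suffix %r" % suffix)
    return findings


def expanded_lookup_names(name, suffix, ndots=1):
    """Names a resolver with a search suffix may query for `name`.

    A name ending in '.' is absolute and is never expanded. Otherwise the
    suffixed form is tried first when the name has fewer dots than `ndots`
    (glibc-style), and second when it has at least that many. Either way
    the suffixed query goes to the attacker's zone, and if the attacker
    also supplied the DNS server, the order no longer matters."""
    if name.endswith("."):
        return [name]
    qualified = "%s.%s" % (name, suffix)
    if name.count(".") < ndots:
        return [qualified, name]
    return [name, qualified]


# Constructed sample option fields (what a client would see in a DHCP ACK).
TRUSTED_SERVERS = {"10.0.0.53"}
TRUSTED_SUFFIX = "corp.example"

BENIGN_OPTIONS = (b"\x06\x04" + bytes([10, 0, 0, 53])
                  + b"\x0f" + bytes([len(b"corp.example")]) + b"corp.example"
                  + b"\xff")

# A rogue lease in the style of the quoted attack: attacker's resolver plus
# a suffix under the attacker's domain. 192.0.2.66 is a documentation address.
ROGUE_OPTIONS = (b"\x00"  # pad byte, to show it is skipped
                 + b"\x06\x04" + bytes([192, 0, 2, 66])
                 + b"\x0f" + bytes([len(b"attackersdomain.com")]) + b"attackersdomain.com"
                 + b"\xff")


def audit(option_bytes):
    servers, suffix = dns_settings(parse_dhcp_options(option_bytes))
    return check_against_baseline(servers, suffix, TRUSTED_SERVERS, TRUSTED_SUFFIX)


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_OPTIONS), ("rogue", ROGUE_OPTIONS)):
        print(label, audit(blob) or "OK")
    print(expanded_lookup_names("yahoo.com", "attackersdomain.com"))
```

Running the block prints an empty finding list for the benign lease and two findings for the rogue one, then the candidate names for yahoo.com under the attacker's suffix.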