On Tuesday 03 June 2003 05:12 pm, Dave Hooper wrote:
> True, that is simpler.  I've just realised the flaw, however, that both
> your and my schemes have:  We never actually check that C is using a.b.c.d
> to contact A.  Which is, after all, the whole point.
>
> For example, "A->C connect to a.b.c.d and say 'foo'" may as well just be
> "A->C reply to me and say 'foo'" - if C is evil and in league with B it
> may not use a.b.c.d to contact A, but just use A's return address instead.
>  In which case we don't know if a.b.c.d is valid (we just reckon it
> probably is given that B!=C, but this scheme is no better than asking A->B
> what is my ip and A->C what is my ip and believing them both if they give
> the same answer).
> And even then I guess it could be spoofed.
Then:
a) Use a bunch of nodes, preferably with IP different in all 4 octets. Keep 
doing this forever.
b) If possible, use an invalid spoofed IP when talking to C. This may require 
a modification of FNP to not require a full 2-way handshake.

Or accept that auto-IP is vulnerable, and tell the security-conscious to 
manually set it. But I don't get the problem with invalid IP reporting - I 
can't think of any worse consequence than an invalid announcement getting 
out. These can be created anyway.
-- 
"I love deadlines. I love the whooshing sound they make as they go by."
        - Douglas Adams
Nick Tarleton - [EMAIL PROTECTED] - PGP key available

_______________________________________________
devl mailing list
[EMAIL PROTECTED]
http://hawk.freenetproject.org:8080/cgi-bin/mailman/listinfo/devl
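
An added example, not part of the original thread and not Freenet code: one way to apply suggestion (a), keeping only witnesses whose own addresses differ from each other in all 4 octets before tallying what they report. The strict-majority rule, the `min_witnesses` threshold, the function names and the sample addresses are assumptions made for illustration.

```python
from collections import Counter
from ipaddress import IPv4Address


def differs_in_all_octets(a, b):
    """True if two IPv4 addresses differ in every one of the 4 octets."""
    return all(x != y for x, y in zip(IPv4Address(a).packed, IPv4Address(b).packed))


def pick_diverse(reports):
    """Greedily keep witnesses whose addresses differ pairwise in all 4 octets."""
    chosen = []
    for witness, claimed in reports:
        if all(differs_in_all_octets(witness, w) for w, _ in chosen):
            chosen.append((witness, claimed))
    return chosen


def detect_address(reports, min_witnesses=3):
    """Address agreed on by a strict majority of diverse witnesses, else None."""
    diverse = pick_diverse(reports)
    if len(diverse) < min_witnesses:
        return None  # too few independent-looking witnesses: fall back to manual setting
    addr, votes = Counter(claimed for _, claimed in diverse).most_common(1)[0]
    return addr if votes * 2 > len(diverse) else None


# Constructed sample: (witness address, address the witness says it saw us on).
REPORTS = [
    ("10.20.30.40", "198.51.100.7"),
    ("10.20.31.41", "203.0.113.66"),   # shares octets 1 and 2 with the first witness
    ("10.99.30.42", "203.0.113.66"),   # shares octets 1 and 3 with the first witness
    ("172.16.5.9", "198.51.100.7"),
    ("192.168.7.77", "203.0.113.66"),  # diverse, but disagrees with the others
    ("100.64.1.2", "198.51.100.7"),
]

if __name__ == "__main__":
    print("diverse witnesses:", [w for w, _ in pick_diverse(REPORTS)])
    print("accepted address:", detect_address(REPORTS))
```

A plain count over all six reports is a 3-3 tie; after dropping the two witnesses clustered next to the first one, the remaining four give a 3-1 majority. The filter only raises the cost of collusion, it does not address the quoted point that a witness may simply reply on the return path.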
