In Peter's mail message he asks...
>> are familiar with the hijack attacks on afs and netware?
I believe so -- your own paper on the AFS hijacking described
a pretty neat trick for attacking machines. Although I never read
about trying to attack NetWare, I assume the technique is the same.
The idea, I believe, is that the hijacker ``snoops'' the ethernet
looking for a client/server ``connection.'' The ``bad-guy''
(your term if I remember correctly) is making use of two things:
1.) Much of the real data traffic is actually sent using
``connectionless'' (UDP) traffic.
2.) The client/server authentication takes place once.
So, by snooping around the ethernet, the hijacker discovers an
existing client/server relationship, steals ``enough of the right
stuff'' and then adds its packets on top of/in place of the true
client. The trick is borrowing ``enough'' information from the
wire that the server can be effectively coaxed into releasing
information to the hijacker, without confusing the ``victim.''
[As I recall your paper explained another trick that requires host
access to the ``victim'' machine - but I'm concentrating on the
promiscuous network behavior attack].
How does PCI protect against this type of attack? I do not know.
It may not but I'm going to ask one of the protocol guys that would know.
I'm not one of the PCI developers and have never looked at the
guts of the PCI protocol. I got into this discussion when someone
asked how to make AFS talk to dumb PCs and Macs. I responded with
the scheme we use.
PCI is successful in the market (as is NetWare and a few other schemes)
and PCI does protect against a number of common attacks. Is there yet
another hole here? I'd have to look in detail, just as you did when
you took apart AFS.
Peter, please remember that the trick I was pointing out is that
we >>have<< been able to use PCI with other UNIX based tools such
as AFS, on a day-to-day basis, without mods to either and without
a number of the security problems that NFS has. I do agree that
a mod to the PCI server will make it easier to use with AFS/DFS or
the like, and would >>probably<< make it more ``secure''.
The question was not academic. It was a simple practical question.
Can I do this? Is it basically secure?
You seem to have asked -- Will it pass the test of the attack of
the ``Killer Honey-Students'' ;-) -- Well I never tried it and
I'm not sure if it will, although I'm not sure it will not either.
Why don't you and I take this off-line if you want to talk
a little more about the hijacking or other protocol issues.
Cheers...
Clem
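The two weaknesses Clem lists (one-time authentication, then unprotected connectionless traffic) are the reason a snooped session id is enough to get datagrams accepted. The following is an added example, not code from the thread or from PCI/AFS, contrasting that weak design with a session that carries a per-datagram keyed authenticator and a sequence check; the session id, key and datagrams are constructed for the demo.

```python
import hmac
import hashlib

def accept_once_authenticated(session_id, datagram):
    """Weak design from the message: the client authenticated once, so any
    later datagram carrying the right (snoopable) session id is trusted."""
    return datagram["session"] == session_id

class IntegrityProtectedSession:
    """Mitigation: each datagram carries an HMAC under a key established during
    the one-time authentication, plus a strictly increasing sequence number,
    so datagrams built from snooped fields alone (no key) and replays of
    genuine datagrams are both rejected."""
    def __init__(self, session_id, key):
        self.session_id = session_id
        self.key = key
        self.last_seq = 0

    def tag(self, seq, payload):
        msg = f"{self.session_id}|{seq}|".encode() + payload
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def accept(self, datagram):
        if datagram["session"] != self.session_id:
            return False
        if datagram["seq"] <= self.last_seq:
            return False  # replay of an already-seen datagram
        expected = self.tag(datagram["seq"], datagram["payload"])
        if not hmac.compare_digest(expected, datagram["tag"]):
            return False  # authenticator not produced with the session key
        self.last_seq = datagram["seq"]
        return True

def run_demo():
    key = b"constructed-session-key"  # assumed to come from the initial authentication
    client = IntegrityProtectedSession(session_id=42, key=key)
    server = IntegrityProtectedSession(session_id=42, key=key)
    genuine = {"session": 42, "seq": 1, "payload": b"read /afs/file"}
    genuine["tag"] = client.tag(1, genuine["payload"])
    # Built only from what is visible on the wire (session id, next seq), no key.
    forged = {"session": 42, "seq": 2, "payload": b"read /afs/other", "tag": "0" * 64}
    once = (accept_once_authenticated(42, genuine), accept_once_authenticated(42, forged))
    protected = (server.accept(genuine), server.accept(forged), server.accept(genuine))
    return once, protected
```

The first tuple returned by run_demo shows the once-authenticated server accepting the forged datagram; the second shows the protected server accepting only the genuine datagram and rejecting both the forgery and its replay.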