From: Mikus Grinbergs <[EMAIL PROTECTED]>
Newsgroups: list.mers
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: 12 March 2001 00:18
Subject: Re: Mersenne: Security of prime95 + electricity costs.
> I believe it is the CLIENT that initiates all GIMPS communications.
> In other words, there is __no__ daemon which is listening to random
> incoming messages.
I sincerely hope not. I was a bit concerned by this in the WHATSNEW file:
#New features in Version 19.0 of mprime
#--------------------------------------
[...]
#18) The server can now broadcast important messages to the mprime client.
However, I think (hope) this means that it 'broadcasts' messages to clients
when they connect.
> (Buffer overflow attacks are usually directed
> at programs which accept messages from anywhere on the internet.)
There are two exceptions to this. 1) Email and news clients can be attacked
by way of hostile content in the message body or (more likely) the headers.
Obviously this does not apply here. 2) Any client could be attacked by the
server to which it connects. Again, the situation is a little different for a
GIMPS client than for, say, a browser, in that we are only connecting to a single
server, which, presumably, we regard as trustworthy. However, the Primenet
server DOES accept messages from anywhere on the Internet and, if cracked and
owned, would be in a perfect position to attack its clients.
> To make use of the GIMPS communication protocols, the attacker
> might have to WAIT for the user's Prime95 program to initiate
> contact, and would then have to SPOOF being the Primenet server.
> In my opinion, there are easier pickings on the 'net for attacks.
That's the third scenario, and I agree that it is rare. However, I don't think
you can assume that an attacker is looking for easy targets. One cracking
scenario is that he gains access to one machine which is connected by an
intranet to other, more secure boxes. If one of them is running a GIMPS
client, then there's a fairly good chance that many or all of the others will
be too. That would present a very tempting target.
Bear in mind that, unlike a browser, a GIMPS client runs continuously,
unmonitored, and often communicates when there is no human operator there.
> In my opinion it would be easier to spoof the "Manual Entry"
> Primenet server, which uses a browser interface rather than the
> "below-the-covers" interface of the Prime95 client.
The client source code is available for anyone to inspect.
[...]
> 2. Attacks facilitated by being on-line in the first place -
I agree that the proportion of users for whom communicating with Primenet
accounts solely for a significant proportion of their connection time is
vanishingly small.
> mikus
Daran G.
_________________________________________________________________________
Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm
Mersenne Prime FAQ -- http://www.tasam.com/~lrwiman/FAQ-mers