Nicholas,
...
> Thanks to an ability to spoof packets from a gazillion different locations, as
> long as they can inject a spoofed packet from ANOTHER link in time, they will
> still be able to do packet injection. The attacker's point of injection needs
> to be closer (latency wise) on the network than the final destination of the
> packet, but that's usually a pretty easy constraint to meet.
If I understand the attack, it requires wiretapping to determine the TCP
sequence numbers and window info to create an acceptable response, then send
a packet to effect the redirect. When you factor in the latency constraint,
it's not clear that there are "a gazillion different locations" for an active
wiretapper to use, relative to a wide range of possible targets.
...
> If you are assuming MITM on a packet level rather than just an eavesdropper
> (man on the side), then it really is the case that a full-active attack is
> just a matter of willingness to do so, since a full MitM can drop packets as
> well.
Sorry that I was not clear in my comment. What I was saying is that we
usually view a full MITM capability as representing an active wiretap
capability, and that is NOT the assumption on which the attack you noted is
based. Thus I was arguing that the full MITM capability may be much harder to
achieve, vs. a passive capability. Also, given the asymmetric routing common
for many Internet paths, it might be hard to be a MITM, or a passive
wiretapper, for both directions of a session, unless one is able to be very
close to one end of the session.
Your discussion of what it takes to securely configure LAN switches and WLANs
does not convince me that it's easy for an adversary to gain access, or,
conversely, that it's very hard to manage LANs and WLANs to address the cited
vulnerabilities. That does not mean that I assume all LANs will be
well-managed in this regard, but it's a big jump from "sloppy LAN management"
to "easy to effect a MITM attack" on most enterprise LANs.
Over the weekend I checked with a friend who consults on security matters to
a number of large firms, principally in the financial services and related
industries. He confirmed my earlier comments re use of encryption within
enterprise LANs. It is almost non-existent, and the IT folks want to keep it
that way. They do not see credible passive wiretapping threats in their nets,
and they value ease of monitoring and debugging more than the incremental
security offered by adding encryption. (They're big on authentication and
integrity, just no confidentiality measures within a LAN.)
> Why? Since it's clear that there aren't technical limitations on an
> eavesdropper becoming a full MitM in most cases, it really is only "does
> becoming a full MitM benefit me as an attacker vs any increased risk of
> detection".
You have asserted that it's easy, but I don't agree with a number of your
arguments, so I'm not ready to concede that becoming a MITM is easy in many
cases.
...
> You need full authentication of all data and communication, so sorry for
> being unclear.
OK, glad we agree on that point.

The problem many of us see is that it's much easier to perform opportunistic
encryption, that does not provide authentication, than to provide
authentication with encryption.
Steve
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
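To make the latency argument in the exchange above concrete, here is an added toy model of the man-on-the-side TCP injection race. It is not code from the thread or from any IETF document; the function names (`injection_race`, `Receiver`), the latencies, the sequence numbers, the payloads and the HMAC-based "full authentication" stand-in are all constructed assumptions for illustration. It shows the three things argued over: the attacker needs the sequence number (so a blind guess lands outside the window), the forged reply only wins if it arrives before the real one (the later duplicate is discarded as old data), and authentication of the data defeats the injected segment even when it wins the race.

```python
# Toy model of the man-on-the-side TCP injection race discussed in the thread.
# Added illustration, not code from the thread or from any IETF draft.
# Latencies, sequence numbers, payloads and the shared key are constructed.

import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Segment:
    src: str            # who put it on the wire (constructed label)
    seq: int            # sequence number of the first payload byte
    payload: bytes
    arrival_ms: float   # when it reaches the victim (constructed latency model)
    mac: bytes = b""    # present only when the endpoints authenticate data


@dataclass
class Receiver:
    rcv_nxt: int                  # next sequence number the victim expects
    window: int                   # advertised receive window
    key: Optional[bytes] = None   # shared key if data is authenticated (assumed)
    delivered: list = field(default_factory=list)

    def accept(self, seg: Segment) -> str:
        # Acceptability test: the segment must start inside the receive window.
        # Anything below rcv_nxt is old data and is discarded, which is why the
        # *second* reply to arrive loses the race.
        if not (self.rcv_nxt <= seg.seq < self.rcv_nxt + self.window):
            return "discarded: outside window"
        if seg.seq != self.rcv_nxt:
            return "held: out of order"   # a real stack buffers it; we ignore it
        if self.key is not None:
            expected = hmac.new(self.key, seg.payload, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, seg.mac):
                return "rejected: bad MAC"
        self.rcv_nxt += len(seg.payload)
        self.delivered.append((seg.src, seg.payload))
        return "accepted"


def deliver_in_arrival_order(segments, receiver):
    """Hand segments to the receiver in arrival order; return a verdict per sender."""
    return {s.src: receiver.accept(s)
            for s in sorted(segments, key=lambda s: s.arrival_ms)}


def injection_race(attacker_ms, server_ms, authenticated=False, attacker_knows_seq=True):
    """
    The client has sent a request whose ACK field tells an eavesdropper that the
    server's next sequence number is SERVER_SEQ. The server's real reply reaches
    the client after server_ms; the attacker's forged reply after attacker_ms.
    """
    SERVER_SEQ = 1_000_000                      # constructed
    key = b"constructed-shared-key" if authenticated else None
    victim = Receiver(rcv_nxt=SERVER_SEQ, window=65_535, key=key)

    real = Segment("server", SERVER_SEQ, b"HTTP/1.1 200 OK\r\n", server_ms)
    if authenticated:
        real.mac = hmac.new(key, real.payload, hashlib.sha256).digest()

    # A man-on-the-side saw the client's segment, so it knows SERVER_SEQ.
    # A blind attacker has to guess and (here) lands far outside the window.
    forged_seq = SERVER_SEQ if attacker_knows_seq else SERVER_SEQ + 10_000_000
    # Without the key the attacker cannot produce a valid MAC; it sends none.
    forged = Segment("attacker", forged_seq, b"HTTP/1.1 302 Found\r\n", attacker_ms)

    verdicts = deliver_in_arrival_order([real, forged], victim)
    return verdicts, victim.delivered


if __name__ == "__main__":
    for label, kwargs in [
        ("attacker closer, no auth", dict(attacker_ms=20, server_ms=50)),
        ("attacker farther, no auth", dict(attacker_ms=80, server_ms=50)),
        ("attacker closer, data authenticated",
         dict(attacker_ms=20, server_ms=50, authenticated=True)),
        ("blind guess, no wiretap",
         dict(attacker_ms=20, server_ms=50, attacker_knows_seq=False)),
    ]:
        verdicts, delivered = injection_race(**kwargs)
        print(f"{label}: {verdicts} -> delivered {delivered}")
```

The model deliberately leaves out what a full MITM adds: an attacker who can drop the server's segment never has to win the race at all, which is the distinction between "man on the side" and "full MITM" in the thread.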