>>>>> "Richard" == Richard Barnes <[email protected]> writes:
Richard> I would note that attack at this level does not really
Richard> qualify as "pervasive". And that there are sizeable
Richard> technical differences between doing injection on a WiFi
Richard> link and doing injection in, say, an OC-192. So we should
Richard> not regard passive and active attack as equivalent.
I do buy the arguments about being able to handle 10 gbps on commodity
hardware.
However, let's assume I didn't buy that.
Why would I choose to inject on the oc-192?
To get a packet in, I just need to inject somewhere where it will not
get filtered out.
There are a lot of exploits I can run if I can see your traffic (my
permasive monitoring) and if I can insert packets, even if I cannot
suppress or modify packets.
Yeah, perhaps you'll get some images that fail to download correctly, or
some strange TCP resets observed at one end but not the other.
I suspect I'm not the only one on this list who fails to inventigate all
the events of that class that affect me.
So, I think understanding how permasive monitoring enables these other
attacks is very much in scope for the high-level picture and is
definitely something the March workshop should consider.
It's also the sort of analysis I'd expect people to look into when doing
security considerations sections after the passive threat BCP is
approved.
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
