tcp/routing question...
Lai Zit Seng
lzs at pobox.com
Wed Jun 8 03:36:29 UTC 2005
On Tue, 7 Jun 2005, Scot L. Harris wrote:
> On Tue, 2005-06-07 at 19:34, Lai Zit Seng wrote:
>> On Tue, 7 Jun 2005, Scot L. Harris wrote:
>>
>>> The difficulty is in getting a system inserted into such a position. It
>>> typically requires physically inserting a system in the path unless the
>>> attacker is able to mess with the end systems proxy settings and
>>> redirect things that way.
>>
>> In practice, there are many ways to do this, so it's actually not terribly
>> difficult. E.g. one could subvert the DNS so that the client
>> unwittingly connects to the wrong server.
>
> Agreed there are several different ways to attempt a man in the middle
> attack. None of them are what I would call easy to do. :)
Actually... sure it may not be "trivial", but at the same time it is not
all that difficult.
> There are much easier ways to attempt to break into systems.
That is true. And the attacker will (or at least ought to!) choose the
weakest link, considering also the type of expertise he has.
Just because something is difficult for some people doesn't mean it is
difficult for others. An analogy: Many ways to break into a house. Not
everyone knows how to pick a lock... so perhaps it is easier to break the
glass window. But someone else with lock picking skills would probably
prefer picking the lock (preferred because no glass breaking noise to
attract attention).
Breaking into computers could be similar. There are people with network
expertise. They know how to subvert DNS. Or they know how to inject
routes. Or they know where to find tools to do ARP spoofing. Otoh, someone
else may have more skills with buffer overflowing SSH daemons, or mangling
URLs to the webserver, etc. Ah, and then yet someone else might have even
better social engineering skills :)
Furthermore, consider an attacker who has some motivation (e.g.
monetary...) to break into the system. If he doesn't have the skills... he
will find out, or he will find someone to do it, etc.
> The more likely vector for attacks are inside personnel and poor
> security procedures (bad passwords, sloppy firewall rules, etc.).
That happens very often, I agree :)
Regards,
.lzs
--
http://zitseng.com/
More information about the fedora-list mailing list